CVE-2024-45137

Name of the Vulnerable Software and Affected Versions InDesign Desktop versions 19.4, 18.5.3 and earlier

Description The issue is related to an Unrestricted Upload of File with Dangerous Type, which could result in arbitrary code execution. An attacker could exploit this by uploading a malicious file, allowing them to run arbitrary code in the context of the server. Exploitation requires user interaction.

Recommendations For versions 19.4, 18.5.3 and earlier, consider disabling the file upload feature until a patch is available to prevent exploitation. Restrict access to the server to minimize the risk of arbitrary code execution. Avoid using the vulnerable file upload functionality in InDesign Desktop until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.