CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2020-9728 – Out-of-bounds memory access could lead to code execution
https://notcve.org/view.php?id=CVE-2020-9728
10 Sep 2020 — A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user. Se presenta una vulnerabilidad de corrupción de memoria en InDesign versión 15.1.1 (y versiones anteriores). Un manejo no seguro de un archivo indd malicioso podría ser abusado para causar un acceso a la memoria fuera de límites, resultando potenc... • https://helpx.adobe.com/security/products/indesign/apsb20-52.html • CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •
CVSS: 10.0EPSS: 6%CPEs: 3EXPL: 0CVE-2019-7107
https://notcve.org/view.php?id=CVE-2019-7107
23 May 2019 — Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2. Las versiones de Adobe InDesign 14.0.1 y anteriores, tienen una vulnerabilidad de procesamiento de hipervínculo no seguro. Su explotación con éxito podría permitir la ejecución arbitraria de código. • http://www.securityfocus.com/bid/107821 •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2018-4927
https://notcve.org/view.php?id=CVE-2018-4927
19 May 2018 — Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation. Adobe InDesign, en versiones 13.0 y anteriores, tiene una vulnerabilidad explotable de ruta de búsqueda no fiable. Su explotación con éxito podría conducir al escalado de privilegios locales. • http://www.securityfocus.com/bid/103716 • CWE-426: Untrusted Search Path •
CVSS: 9.3EPSS: 2%CPEs: 3EXPL: 0CVE-2018-4928
https://notcve.org/view.php?id=CVE-2018-4928
19 May 2018 — Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe InDesign, en versiones 13.0 y anteriores, tiene una vulnerabilidad explotable de corrupción de memoria. Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual. • http://www.securityfocus.com/bid/103714 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 11%CPEs: 1EXPL: 0CVE-2017-11302
https://notcve.org/view.php?id=CVE-2017-11302
09 Dec 2017 — An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. Se ha descubierto un problema en Adobe InDesign 12.1.0 y anteriores. Existe una vulnerabilidad de corrupción de memoria explotable. • http://www.securityfocus.com/bid/101840 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 9%CPEs: 4EXPL: 0CVE-2016-7886
https://notcve.org/view.php?id=CVE-2016-7886
15 Dec 2016 — Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0.0 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe InDesign versión 11.4.1 y versiones anteriores, Adobe InDesign Server 11.0.0 y versiones anteriores tienen una vulnerabilidad explotable de corrupción de memoria. Una explotación exitosa puede resultar en una ejecución de código arbitrario. • http://www.securityfocus.com/bid/94868 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 9%CPEs: 1EXPL: 2CVE-2010-3153 – Adobe InDesign CS4 - 'ibfs32.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3153
27 Aug 2010 — Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an .indl, .indp, .indt, or .inx file. Vulnerabilidad de ruta de búsqueda no confiable en Adobe InDesign CS4 v6.0 permite a usuarios locales, y puede que a... • https://www.exploit-db.com/exploits/14775 •
CVSS: 9.3EPSS: 37%CPEs: 1EXPL: 4CVE-2010-2321 – Adobe InDesign CS3 - '.INDD' Handling Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-2321
18 Jun 2010 — Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote attackers to execute arbitrary code via a crafted .indd file. Desbordamiento de búfer en Adobe InDesign CS3 v10.0, permite a atacantes remotos asistidos por usuarios, ejecutar código de su elección mediante un fichero .indd manipulado. • https://www.exploit-db.com/exploits/13817 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2006-0525
https://notcve.org/view.php?id=CVE-2006-0525
02 Feb 2006 — Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs. • http://secunia.com/advisories/18698 • CWE-264: Permissions, Privileges, and Access Controls •