CVE-2022-28853: InDesign versions 16.4.2 and earlier are affected by an out-of-bounds write vulnerability that could lead to arbitrary code execution.

Creative Cloud and subscription users who have installed InDesign 16.4.2 (and earlier) or 17.3 (and earlier) are advised to update immediately to the latest version, 17.5.1, in which Adobe has patched this issue. As always, we recommend that users apply the latest updates to their systems. Because the bug is triggered by opening a maliciously crafted document, end users who must keep an affected version installed should not open InDesign files from untrusted sources until they have updated.

What is the Adobe InDesign Vulnerability?

InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a code execution vulnerability (CVE-2022-28853). The underlying bug is an out-of-bounds write, a form of memory corruption, which can be triggered by a maliciously crafted document; a victim who opens such a document can end up running attacker-controlled code on their system.
Users who have installed InDesign 16.4.2 (and earlier) or 17.3 (and earlier) are advised to update immediately to the latest version, 17.5.1, which fixes this issue.

What is the issue?

InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) contain a memory corruption bug (an out-of-bounds write) that could lead to code execution on the user's machine when a crafted document is opened.
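The two sections above boil the advisory down to a version range: 16.4.2 and earlier, and 17.3 and earlier, with 17.5.1 named as the fixed release. A practitioner doing fleet triage wants that range as a check they can run against inventory data rather than prose. The following is an added example written for this page; it is not Adobe's code or tooling. It assumes the ranges exactly as stated above, treats a missing version component as 0 (so "17.3" is "17.3.0"), and reads the version out of a macOS Info.plist via CFBundleShortVersionString, which is an assumption about where InDesign records its version; the sample plist is constructed for the example.

```python
"""Classify Adobe InDesign version strings against the CVE-2022-28853 range
given in the advisory above. Added example, not part of the original page.

Assumptions (from the page text, not independently verified here):
  - affected: 16.4.2 and earlier, and the 17.x line up to and including 17.3
  - fixed release: 17.5.1
"""
from __future__ import annotations

import plistlib
import re
import sys
from typing import Tuple

Version = Tuple[int, int, int]

FIXED_VERSION = "17.5.1"  # fixed release named on this page
_VERSION_RE = re.compile(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """'17.3' -> (17, 3, 0); '16.4.2.5' -> (16, 4, 2) (a 4th component is ignored).

    Raises ValueError for strings that do not start with a dotted integer.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> bool:
    """True if the version lies inside the advisory's affected range."""
    v = parse_version(text)
    if v[0] <= 16:
        # "16.4.2 and earlier": everything up to 16.4.2, including older majors.
        return v <= (16, 4, 2)
    if v[0] == 17:
        # "17.3 and earlier": any 17.0 .. 17.3.x build; 17.4+ is outside the range.
        return v[:2] <= (17, 3)
    return False  # 18.x and later are not listed as affected


def assess(text: str) -> str:
    """One-line triage verdict suitable for an inventory report."""
    if is_affected(text):
        return f"{text}: AFFECTED by CVE-2022-28853, update to {FIXED_VERSION}"
    return f"{text}: not in the affected range"


def version_from_info_plist(data: bytes) -> str:
    """Extract CFBundleShortVersionString from a macOS Info.plist (assumed key)."""
    return str(plistlib.loads(data)["CFBundleShortVersionString"])


# Constructed sample Info.plist for the example; not captured from a real install.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleShortVersionString</key>
  <string>17.3.0.61</string>
</dict>
</plist>
"""


if __name__ == "__main__":
    # Usage: python check_indesign.py 16.4.2 17.3 17.5.1
    # With no arguments, classify the constructed sample plist instead.
    args = sys.argv[1:] or [version_from_info_plist(SAMPLE_INFO_PLIST)]
    for v in args:
        print(assess(v))
```

On a managed Mac fleet you would feed `version_from_info_plist()` the bytes of the application's Info.plist (the path under /Applications is an assumption you should confirm for your install); on Windows, the equivalent is the version recorded in the uninstall registry key, which this example does not read.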

Which versions are affected?

CVE-2022-28853 is a 2022 advisory for Adobe InDesign; it is the only issue this page describes, and it should not be confused with any separately named InDesign or Creative Cloud issue. The affected software is:
- Adobe InDesign 16.4.2 and earlier (the 16.x line)
- Adobe InDesign 17.3 and earlier (the 17.x line)
The fix is delivered in InDesign 17.5.1, which is obtained through the Creative Cloud desktop application.

Is CVE-2022-28853 an XML External Entity (XXE) issue?

No. CVE-2022-28853 is not an XXE (XML external entity) issue; it is the out-of-bounds write described above, a memory corruption bug reached by opening a crafted document. Creative Cloud and subscription users who have installed InDesign 16.4.2 (and earlier) or 17.3 (and earlier) are advised to update immediately to the latest version, 17.5.1, in which Adobe has patched this issue.

Timeline

Published on: 09/16/2022 18:15:00 UTC
Last modified on: 09/20/2022 18:35:00 UTC

References