CVE-2022-28854 Adobes InDesign versions 16.4.2 and earlier are affected by a memory disclosure vulnerability that could be exploited to bypass ASLR.
In addition, it is important to note that InDesign is not directly affected by this issue. However, the updated versions of InDesign received as part of this patch package will address the CVE that was privately reported to Adobe.
Adobe ColdFusion versions 9.0.1 (9.0.0), 10.0.1 (10.0.0), and 10.1.0 (10.0.1) are affected by a SQL injection vulnerability that could be leveraged by attackers to execute arbitrary SQL commands. This issue impacts all versions of Adobe ColdFusion, including those that are no longer supported.
An attacker could exploit this vulnerability to obtain access to critical system data or cause a denial of service. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted request.
Adobe XMP Panels versions 2.6.0 and earlier are affected by a XSS flaw that could be exploited by attackers to install a malicious XMP panel. An attacker could exploit this vulnerability to install a malicious XMP panel.
In addition, Adobe XMP Panels versions 2.6.0 and earlier are affected by a cross-site scripting flaw that could be exploited by attackers to install a malicious XMP panel. An attacker could exploit this vulnerability to install a malicious XMP panel.
In addition, Adobe XMP Panels versions 2.6.0 and earlier are affected by a cross-
What is Adobe InDesign?
Adobe InDesign is a desktop publishing software application for creating, editing and publishing professional-looking documents.
Adobe InDesign has two components : the Authoring application and the Advanced Server that controls the distribution of content to print jobs. A customer uses the tool to create desktop applications, interactive PDFs, reports, books and magazines along with other document types. The Authoring application is available on Windows operating systems while the Advanced Server is available on Windows or Macintosh platforms. Adobe InDesign CS5 (5.0) was released in 2010 after several years of upgrades.
Mitigation Strategies
The following mitigation strategies are available.
- Apply the update provided by Adobe to replace ColdFusion with ColdFusion 9.0.2 or later, which has not been impacted by this vulnerability.
- Apply a supplemental update to Adobe XMP Panels to replace all vulnerable versions with a fixed version.
- Restrict access to the affected application and its underlying data.
- Implement appropriate risk management controls and monitor for any suspicious behavior on your ColdFusion and Adobe XMP Panels servers.
Adobe Animate CC 2018
Adobe Animate CC 2018 is a software application that allows users to create and publish animated projects. The software supports the following formats:
- Flash (.fla)
- ActionScript 3.0 (.as3)
- HTML5 (.html5)
- Flex (.flex)
- XML Paper Specification (.xml)
The update addresses the following vulnerabilities:
A remote code execution vulnerability was discovered in Adobe Animate CC 2018. An attacker could exploit this vulnerability to take control of the affected system. This issue affects all supported versions of Adobe Animate CC 2018. A vulnerability in an unspecified component could allow a remote attacker to cause a denial of service (DoS). This issue impacts all supported versions of Adobe Animate CC 2018. An unspecified vulnerability could result in data being copied outside the bounds of its intended use, with no authentication required. This issue affects all supported versions of Adobe Animate CC 2018. A security bypass vulnerability was identified that allowed attackers to bypass an authorization check by using social engineering tactics on Windows or Mac OS X systems running Adobe Creative Cloud applications. This issue impacts all supported versions of Adobe Creative Cloud applications, including: - Photoshop CC 2018 (16.1, 16.0, 15.4, 15.3, 15.2 ,15 ) - Illustrator CC 2017 (14.1, 14 ,13 ,12 ) - InDesign CC 2017 (13 ) - Acrobat DC Continuous 2019 (
Timeline
Published on: 09/16/2022 18:15:00 UTC
Last modified on: 09/20/2022 18:36:00 UTC