InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary code in the context of the server. Exploitation of this issue requires user interaction.
Metrics
Affected Vendors & Products
References
History
Fri, 18 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apple
Apple macos Microsoft Microsoft windows |
|
CPEs | cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
Vendors & Products |
Apple
Apple macos Microsoft Microsoft windows |
Wed, 09 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Adobe
Adobe indesign |
|
CPEs | cpe:2.3:a:adobe:indesign:-:*:*:*:*:*:*:* | |
Vendors & Products |
Adobe
Adobe indesign |
|
Metrics |
ssvc
|
Wed, 09 Oct 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary code in the context of the server. Exploitation of this issue requires user interaction. | |
Title | InDesign Desktop | Unrestricted Upload of File with Dangerous Type (CWE-434) | |
Weaknesses | CWE-434 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2024-10-09T14:18:39.512Z
Updated: 2024-10-09T16:04:13.405Z
Reserved: 2024-08-21T23:00:59.349Z
Link: CVE-2024-45137
Vulnrichment
Updated: 2024-10-09T16:04:07.008Z
NVD
Status : Analyzed
Published: 2024-10-09T15:15:13.373
Modified: 2024-10-18T14:20:27.983
Link: CVE-2024-45137
Redhat
No data.