Bulletin ID
Last updated on
Security updates available for InDesign | APSB17-38
|
|
Date Published |
Priority |
|---|---|---|
|
APSB17-38 |
November 14, 2017 |
3 |
Summary
Adobe has released an update for InDesign for Windows and Macintosh. This update addresses a critical memory corruption vulnerability due to improper handling of a malformed .inx file.
Affected versions
|
Product |
Affected version |
Platform |
|
InDesign |
12.1.0 and earlier versions |
Windows and Macintosh |
Solution
Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
InDesign |
13.0 |
Windows and Macintosh |
3 |
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
|---|---|---|---|
|
Memory Corruption |
Remote Code Execution |
Critical |
CVE-2017-11302 |
Acknowledgments
Adobe would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue and for working with Adobe to help protect our customers.
Sign in to your account