Adobe Security Bulletin
Security updates available for InDesign | APSB17-38
Bulletin ID Date Published Priority
November 14, 2017 3


Adobe has released an update for InDesign for Windows and Macintosh. This update addresses a critical memory corruption vulnerability due to improper handling of a malformed .inx file.

Affected versions

Product Affected version Platform
12.1.0 and earlier versions
Windows and Macintosh


Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:

Product Updated version Platform Priority rating Availability
InDesign 13.0 Windows and Macintosh 3 Release Notes

For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.

Vulnerability Details

Vulnerability Category Vulnerability Impact Severity CVE Number
Memory Corruption Remote Code Execution Critical CVE-2017-11302


Adobe would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue and for working with Adobe to help protect our customers.