Critical Adobe Security Flaws Let Attacker Execute Arbitrary Code


Adobe addressed critical security issues in ColdFusion and InDesign. Users should install security updates immediately to ensure system safety.

Stay informed and prioritize security maintenance to address potential threats.


Attackers can exploit the vulnerabilities to execute arbitrary code, cause memory leaks, and bypass security features.

Adobe ColdFusion | APSB23-40

ColdFusion, developed by Adobe, is a platform for creating and deploying web and mobile applications.

Adobe released updates for ColdFusion versions 2023, 2021, and 2018 to resolve Improper Access Control and Deserialization of Untrusted Data vulnerabilities.

These flaws in ColdFusion can allow an attacker to execute arbitrary code and bypass security features.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| --- | --- | --- | --- |
| Improper Access Control (CWE-284) | Security feature bypass | Critical | CVE-2023-29298 |
| Deserialization of Untrusted Data (CWE-502) | Arbitrary code execution | Critical | CVE-2023-29300 |
| Improper Restriction of Excessive Authentication Attempts (CWE-307) | Security feature bypass | Important | CVE-2023-29301 |

Affected versions

| Product | Update number |
| --- | --- |
| ColdFusion 2018 | Update 16 and earlier versions |
| ColdFusion 2021 | Update 6 and earlier versions |
| ColdFusion 2023 | GA Release (2023.0.0.330468) |

Fixed Version

| Product | Updated Version |
| --- | --- |
| ColdFusion 2018 | Update 17 |
| ColdFusion 2021 | Update 7 |
| ColdFusion 2023 | Update 1 |

Adobe InDesign | APSB23-38

InDesign by Adobe is a tool for producing digital media like flyers, posters, stationery, slideshows, and other materials.

Update Adobe InDesign to protect against security vulnerabilities that can be exploited by attackers to execute arbitrary code and cause memory leaks.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
| --- | --- | --- | --- |
| Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | CVE-2023-29308 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29309 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29310 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29311 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29312 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29313 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29314 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29315 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29316 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29317 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29318 |
| Out-of-bounds Read (CWE-125) | Memory leak | Important | CVE-2023-29319 |

Affected Versions

| Product | Affected version | Platform |
| --- | --- | --- |
| Adobe InDesign | ID18.3 and earlier version | Windows and macOS |
| Adobe InDesign | ID17.4.1 and earlier version | Windows and macOS |

Patched Versions

| Product | Updated version | Platform | Priority rating |
| --- | --- | --- | --- |
| Adobe InDesign | ID18.4 | Windows and macOS | 3 |
| Adobe InDesign | ID17.4.2 | Windows and macOS | 3 |

Adobe released further details about the flaw and credited security researchers for reporting the vulnerabilities.


