CVE-2020-9727:Memory corruption vulnerability in Adobe InDesign 15.1.1 and earlier that could lead to code execution.

splash
Back

Description Preview

A critical memory corruption vulnerability (CWE-787: Out-of-bounds Write) exists in Adobe InDesign 15.1.1 and earlier versions. The vulnerability stems from insecure handling of malicious .indd files, which could be exploited to cause an out-of-bounds memory access. If successfully exploited, this vulnerability could potentially allow an attacker to execute arbitrary code in the context of the current user, potentially leading to unauthorized access to sensitive information or system compromise.

Overview

The vulnerability (CVE-2020-9727) affects Adobe InDesign 15.1.1 and earlier versions. It occurs when the application processes specially crafted .indd files. Due to improper validation of input data, an attacker could create a malicious InDesign document that, when opened by a victim, triggers an out-of-bounds memory access. This memory corruption could be leveraged to execute arbitrary code with the same privileges as the user running InDesign. The vulnerability is particularly concerning for organizations where InDesign is commonly used to open files from various sources, including clients, partners, or other external entities.

Remediation

To address this vulnerability, users should:

  1. Update Adobe InDesign to the latest version as specified in the Adobe security bulletin APSB20-52.
  2. Apply the security patches provided by Adobe for affected versions.
  3. Exercise caution when opening .indd files from unknown or untrusted sources.
  4. Consider implementing application control solutions that can prevent the execution of malicious code.
  5. Ensure that users are operating with the principle of least privilege to minimize the potential impact of successful exploitation.

References

  1. Adobe Security Bulletin APSB20-52: https://helpx.adobe.com/security/products/indesign/apsb20-52.html
  2. Common Weakness Enumeration (CWE-787): Out-of-bounds Write
  3. MITRE CVE Entry: CVE-2020-9727

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
    Manufacturing
  2. Health Care & Social Assistance
    Health Care & Social Assistance
  3. Public Administration
    Public Administration
  4. Arts, Entertainment & Recreation
    Arts, Entertainment & Recreation
  5. Educational Services
    Educational Services
  6. Finance and Insurance
    Finance and Insurance
  7. Retail Trade
    Retail Trade
  8. Transportation & Warehousing
    Transportation & Warehousing
  9. Management of Companies & Enterprises
    Management of Companies & Enterprises
  10. Utilities
    Utilities
  11. Accommodation & Food Services
    Accommodation & Food Services
  12. Other Services (except Public Administration)
    Other Services (except Public Administration)
  13. Administrative, Support, Waste Management & Remediation Services
    Administrative, Support, Waste Management & Remediation Services
  14. Agriculture, Forestry Fishing & Hunting
    Agriculture, Forestry Fishing & Hunting
  15. Construction
    Construction
  16. Information
    Information
  17. Mining
    Mining
  18. Professional, Scientific, & Technical Services
    Professional, Scientific, & Technical Services
  19. Real Estate Rental & Leasing
    Real Estate Rental & Leasing
  20. Wholesale Trade
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background