Adobe InDesign Insecure Library Loading Vulnerability (Win) Network Vulnerability

Summary

This host is installed with Adobe InDesign and is prone to insecure library loading vulnerability.

Impact

Successful exploitation will allow the attackers to execute arbitrary code and conduct DLL hijacking attacks. Impact Level: Application.

Solution

Upgrade Adobe InDesign to version CS4 6.0.6 or later, For updates refer to http://www.adobe.com/downloads

Insight

The flaw is due to the application insecurely loading certain librairies from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a file from a network share.

Affected

Adobe InDesign version CS4 6.0

References

http://secunia.com/advisories/41126
http://www.exploit-db.com/exploits/14775/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3153
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Aug14 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Windows)
Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)

Take action and discover your vulnerabilities