The vulnerability of Adobe InDesign’s computer layout automation tool, related to buffer overflow in the “cull” mechanism, allows attackers to execute arbitrary code within the context of the current user.

🗓️ 29 Nov 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 6 Views

InDesign automation tool buffer overflows in cull and bucket enable code execution as current user via crafted file.

Reporter	Title	Published	Views	Family All 15
Tenable Nessus	Adobe InDesign < 18.5.4 / 19.0 < 20.0.0 Multiple Vulnerabilities (APSB24-88)	15 Nov 202400:00	–	nessus
Tenable Nessus	Adobe InDesign < 18.5.4 / 19.0 < 20.0.0 Multiple Vulnerabilities (APSB24-88) (macOS)	18 Nov 202400:00	–	nessus
BDU FSTEC	The vulnerability of Adobe InDesign’s computer layout automation tool, related to buffer overflow in the “cull” mechanism, allows attackers to execute arbitrary code within the context of the current user.	29 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-49507	12 Nov 202423:05	–	circl
CNNVD	Adobe InDesign 安全漏洞	12 Nov 202400:00	–	cnnvd
CNVD	Unspecified Vulnerability in Adobe InDesign (CNVD-2024-46258)	15 Nov 202400:00	–	cnvd
CVE	CVE-2024-49507	12 Nov 202420:45	–	cve
Cvelist	CVE-2024-49507 InDesign Desktop \| Heap-based Buffer Overflow (CWE-122)	12 Nov 202420:45	–	cvelist
EUVD	EUVD-2024-43440	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Adobe InDesign	18 Nov 202411:14	–	ncsc

Vulners

Node

adobe_systems adobe_indesignRange≤18.5.2

OR

adobe_systems adobe_indesignRange≤19.5

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-49507
helpx	www.helpx.adobe.com/security/products/indesign/apsb24-88.html
web	www.web.nvd.nist.gov/view/vuln/detail

29 Nov 2024 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 27.2

CVSS 37.8

EPSS0.00461

Adobe InDesign buffer overflow cull mechanism bucket buffer arbitrary code execution crafted file current user