Kaspersky LabKLA10037KLA10037 ACE vulnerability in Adobe InDesign
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
Low
0.02 Low
EPSS
Percentile
89.0%
A critical vulnerability was found in Adobe InDesign and InCopy. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited locally and possibly remotely at a point related to an untrusted path via DLL hijacking.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
CVE-2010-3153 critical
Solution
Update to latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Affected Products
- Adobe InDesign versions CS5 7.0.2 and earlier for WindowsAdobe InDesign Server versions CS5 7.0.2 and earlier for WindowsAdobe InCopy versions CS5 7.0.2 and earlier for Windows
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
Low
0.02 Low
EPSS
Percentile
89.0%