Adobe InDesign Multiple Vulnerabilities (APSB23-55) - Windows

2024-04-2400:00:00

plugins.openvas.org

application denial-of-service vulnerability

memory leak vulnerability

windows

adobe indesign

vulnerabilities

version 18.5.1

version 19.0

cve-2023-44341

cve-2023-44342

cve-2023-44343

cve-2023-44344

cve-2023-44345

cve-2023-44346

cve-2023-44347

security update

denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

Adobe InDesign is prone to multiple
vulnerabilities.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:adobe:indesign_server";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.832958");
  script_version("2024-05-03T05:05:25+0000");
  script_cve_id("CVE-2023-44341", "CVE-2023-44342", "CVE-2023-44343", "CVE-2023-44344",
                "CVE-2023-44345", "CVE-2023-44346", "CVE-2023-44347");
  script_tag(name:"cvss_base", value:"4.9");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"last_modification", value:"2024-05-03 05:05:25 +0000 (Fri, 03 May 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2024-02-29 01:41:14 +0000 (Thu, 29 Feb 2024)");
  script_tag(name:"creation_date", value:"2024-04-24 06:43:04 +0530 (Wed, 24 Apr 2024)");
  script_name("Adobe InDesign Multiple Vulnerabilities (APSB23-55) - Windows");

  script_tag(name:"summary", value:"Adobe InDesign is prone to multiple
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"These vulnerabilities exist:

  - CVE-2023-44341: Application denial-of-service vulnerability

  - CVE-2023-44342: Memory leak vulnerability

  Please see the references for more information on the vulnerabilities.");

  script_tag(name:"impact", value:"Successful exploitation allows an attacker
  to cause a memory leak and denial of service.");

  script_tag(name:"affected", value:"Adobe InDesign 18.x through 18.5 and 17.x
  through 17.4.2 on Windows.");

  script_tag(name:"solution", value:"Update to version 18.5.1 or 19.0 or
  later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"registry");
  script_xref(name:"URL", value:"https://helpx.adobe.com/security/products/indesign/apsb23-55.html");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("General");
  script_dependencies("secpod_adobe_indesign_detect.nasl");
  script_mandatory_keys("Adobe/InDesign/Ver");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ))
  exit(0);

vers = infos["version"];
path = infos["location"];

if(version_in_range(version: vers, test_version: "18.0", test_version2: "18.5")) {
  fix = "18.5.1";
}

if(version_in_range(version: vers, test_version: "17.0", test_version2: "17.4.2")) {
  fix = "19.0";
}

if(fix) {
  report = report_fixed_ver(installed_version: vers, fixed_version: fix, install_path: path);
  security_message(port:0, data: report);
  exit(0);
}

exit(99);