Lucene search

K
openvasCopyright (C) 2024 Greenbone AGOPENVAS:1361412562310832958
HistoryApr 24, 2024 - 12:00 a.m.

Adobe InDesign Multiple Vulnerabilities (APSB23-55) - Windows

2024-04-2400:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
6
application denial-of-service vulnerability
memory leak vulnerability
windows
adobe indesign
vulnerabilities
version 18.5.1
version 19.0
cve-2023-44341
cve-2023-44342
cve-2023-44343
cve-2023-44344
cve-2023-44345
cve-2023-44346
cve-2023-44347
security update
denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

Adobe InDesign is prone to multiple
vulnerabilities.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:adobe:indesign_server";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.832958");
  script_version("2024-05-03T05:05:25+0000");
  script_cve_id("CVE-2023-44341", "CVE-2023-44342", "CVE-2023-44343", "CVE-2023-44344",
                "CVE-2023-44345", "CVE-2023-44346", "CVE-2023-44347");
  script_tag(name:"cvss_base", value:"4.9");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"last_modification", value:"2024-05-03 05:05:25 +0000 (Fri, 03 May 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2024-02-29 01:41:14 +0000 (Thu, 29 Feb 2024)");
  script_tag(name:"creation_date", value:"2024-04-24 06:43:04 +0530 (Wed, 24 Apr 2024)");
  script_name("Adobe InDesign Multiple Vulnerabilities (APSB23-55) - Windows");

  script_tag(name:"summary", value:"Adobe InDesign is prone to multiple
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"These vulnerabilities exist:

  - CVE-2023-44341: Application denial-of-service vulnerability

  - CVE-2023-44342: Memory leak vulnerability

  Please see the references for more information on the vulnerabilities.");

  script_tag(name:"impact", value:"Successful exploitation allows an attacker
  to cause a memory leak and denial of service.");

  script_tag(name:"affected", value:"Adobe InDesign 18.x through 18.5 and 17.x
  through 17.4.2 on Windows.");

  script_tag(name:"solution", value:"Update to version 18.5.1 or 19.0 or
  later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"registry");
  script_xref(name:"URL", value:"https://helpx.adobe.com/security/products/indesign/apsb23-55.html");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("General");
  script_dependencies("secpod_adobe_indesign_detect.nasl");
  script_mandatory_keys("Adobe/InDesign/Ver");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ))
  exit(0);

vers = infos["version"];
path = infos["location"];

if(version_in_range(version: vers, test_version: "18.0", test_version2: "18.5")) {
  fix = "18.5.1";
}

if(version_in_range(version: vers, test_version: "17.0", test_version2: "17.4.2")) {
  fix = "19.0";
}

if(fix) {
  report = report_fixed_ver(installed_version: vers, fixed_version: fix, install_path: path);
  security_message(port:0, data: report);
  exit(0);
}

exit(99);

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

Related for OPENVAS:1361412562310832958