Lucene search
Mat Powell of Trend Micro Zero Day InitiativeZDI-22-072HistoryJan 13, 2022 - 12:00 a.m.
Adobe InCopy JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2022-01-1300:00:00
Mat Powell of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
16
adobe incopy
jpeg2000
parsing
vulnerability
remote code execution
user interaction
malicious file
validation
user-supplied data
allocated structure
current process
EPSS
0.004
Percentile
73.5%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
cve
cve
CVE-2021-45053
2022-01-13 21:15:08
nvd
nvd
CVE-2021-45053
2022-01-13 21:15:08
cnvd
cnvd
Adobe InCopy out-of-bounds write vulnerability
2022-01-13 00:00:00
cvelist
cvelist
prion
prion
Cross site scripting
2022-01-13 21:15:00
adobe
adobe
APSB22-04 : Security update available for Adobe InCopy
2022-01-11 00:00:00
hivepro
hivepro
Security Updates in Multiple Products of Adobe
2022-01-12 10:29:55