Lucene search
Mat Powell of Trend Micro Zero Day InitiativeZDI-23-078HistoryJan 18, 2023 - 12:00 a.m.
Adobe InCopy Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2023-01-1800:00:00
Mat Powell of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
4
adobe incopy
remote code execution
font parsing
vulnerability
remote attackers
arbitrary code
user interaction
malicious file
embedded fonts
allocated buffer
current process
0.003 Low
EPSS
Percentile
71.4%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of embedded fonts. Crafted data in a font can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
cve
cve
CVE-2023-21597
2023-01-13 21:15:15
prion
prion
Cross site scripting
2023-01-13 21:15:00
cnvd
cnvd
Adobe InCopy out-of-bounds write vulnerability (CNVD-2023-05226)
2023-01-14 00:00:00
cvelist
cvelist
nvd
nvd
CVE-2023-21597
2023-01-13 21:15:15
nessus
nessus
Adobe InCopy < 17.4.1 / 18.0 < 18.1.0 Multiple Vulnerabilities (APSB23-08)
2023-01-11 00:00:00
adobe
adobe
APSB23-08 : Security update available for Adobe InCopy
2023-01-10 00:00:00