Bulletin ID
Last updated on
May 16, 2021
Security updates available for InDesign | APSB17-38
|
|
Date Published |
Priority |
|---|---|---|
|
APSB17-38 |
November 14, 2017 |
3 |
Summary
Adobe has released an update for InDesign for Windows and Macintosh. This update addresses a critical memory corruption vulnerability due to improper handling of a malformed .inx file.
Affected versions
|
Product |
Affected version |
Platform |
|
InDesign |
12.1.0 and earlier versions |
Windows and Macintosh |
Solution
Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
InDesign |
13.0 |
Windows and Macintosh |
3 |
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
|---|---|---|---|
|
Memory Corruption |
Remote Code Execution |
Critical |
CVE-2017-11302 |
Acknowledgments
Adobe would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue and for working with Adobe to help protect our customers.
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online