Bulletin ID
Last updated on
16 May 2021
Security updates available for InDesign | APSB17-38
|
|
Date Published |
Priority |
|---|---|---|
|
APSB17-38 |
November 14, 2017 |
3 |
Summary
Adobe has released an update for InDesign for Windows and Macintosh. This update addresses a critical memory corruption vulnerability due to improper handling of a malformed .inx file.
Affected versions
|
Product |
Affected version |
Platform |
|
InDesign |
12.1.0 and earlier versions |
Windows and Macintosh |
Solution
Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
InDesign |
13.0 |
Windows and Macintosh |
3 |
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
|---|---|---|---|
|
Memory Corruption |
Remote Code Execution |
Critical |
CVE-2017-11302 |
Acknowledgments
Adobe would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue and for working with Adobe to help protect our customers.