Security Advisory NCSC-2024-0346 [1.00] [M/H] Vulnerabilities fixed in Adobe InDesign

Security Advisory: Adobe InDesign Vulnerabilities

Introduction

The National Cyber Security Centre (NCSC) has issued a security advisory regarding vulnerabilities that have been addressed in Adobe InDesign. This advisory aims to provide comprehensive information on the nature of the vulnerabilities, their potential impact, and the solutions available to mitigate them.

Advisory Details

The details of the advisory, including its publication date and risk assessment, are summarized in the list below:

  • Publication ID: NCSC-2024-0346
  • Version: 1.00
  • Date: Today
  • Risk Level: Medium Likelihood, High Impact

Vulnerabilities Addressed

The advisory describes various types of vulnerabilities that have been mitigated in Adobe InDesign. These include:

  • NULL Pointer Dereference
  • Out-of-bounds Write
  • Stack-based Buffer Overflow
  • Out-of-bounds Read
  • Heap-based Buffer Overflow
  • Integer Overflow or Wraparound

Impact and Exploitation

According to Adobe, exploiting these vulnerabilities could allow an attacker to perform the following:

  • Cause a Denial-of-Service (DoS) attack.
  • Execute arbitrary code with the same permissions as the victim.
  • Potentially access sensitive data.

For a successful attack, an attacker must trick the victim into opening a malicious file.

Affected Platforms and Products

The affected software identified in this advisory is as follows:

Platforms Products Versions
Adobe InDesign

Recommended Solutions

Adobe has released updates to mitigate these vulnerabilities. Users and administrators should apply these updates as soon as possible to prevent potential exploitation. For detailed information on these updates, refer to the Adobe Security Bulletin.

CVEs Addressed

The following Common Vulnerabilities and Exposures (CVE) identifiers are associated with these issues:

Further Information

For a detailed review of the advisory, you can access it in various formats:

Disclaimer

By using this security advisory, you agree to the following terms. Although the NCSC has taken the greatest possible care in compiling this security advisory, the NCSC does not guarantee the completeness, accuracy, or continued currency of this advisory. The information is provided solely as general information for professionals, and no rights can be derived from it. The NCSC and the State are not liable for any damages resulting from the use or inability to use this advisory, including damage due to incorrect or incomplete information. Dutch law applies to this advisory. Any disputes arising from or related to this advisory will be submitted to the courts in The Hague, including the provisional relief judge in summary proceedings.

For any additional information or clarifications, please refer to the official NCSC advisories page.

The NCSC publishes a security advisory in response to a recently discovered vulnerability or an identified threat. A security advisory contains the description, the possible consequences, and the possible solutions for the vulnerability or threat.

Mitigating measure available at advisories.ncsc.nl
