Multiple Critical Adobe Security Flaws Let Attackers Execute Arbitrary Code

by Esmeralda McKenzie

Adobe addressed severe security issues in ColdFusion and InDesign. Customers should install the security updates immediately to ensure system security.

Stay informed and prioritize security maintenance to address potential threats.

Attackers can exploit the vulnerabilities to execute arbitrary code, trigger memory leaks, and bypass security features.

Adobe ColdFusion | APSB23-40

ColdFusion, developed by Adobe, is a platform for creating and deploying web and mobile applications.

Adobe released updates for ColdFusion versions 2023, 2021, and 2018 to resolve Improper Access Control and Deserialization of Untrusted Data vulnerabilities.

These flaws in ColdFusion could allow an attacker to execute arbitrary code and bypass security features.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Improper Access Control (CWE-284) | Security feature bypass | Critical | CVE-2023-29298 |
| Deserialization of Untrusted Data (CWE-502) | Arbitrary code execution | Critical | CVE-2023-29300 |
| Improper Restriction of Excessive Authentication Attempts (CWE-307) | Security feature bypass | Critical | CVE-2023-29301 |

Affected versions

| Product | Update number |
|---|---|
| ColdFusion 2018 | Update 16 and earlier versions |
| ColdFusion 2021 | Update 6 and earlier versions |
| ColdFusion 2023 | GA Release (2023.0.0.330468) |

Fixed Version

| Product | Updated Version |
|---|---|
| ColdFusion 2018 | Update 17 |
| ColdFusion 2021 | Update 7 |
| ColdFusion 2023 | Update 1 |

Adobe InDesign | APSB23-38

InDesign by Adobe is a tool for producing digital media such as flyers, posters, stationery, slideshows, and much more.

Update Adobe InDesign to guard against security vulnerabilities that attackers can exploit to execute arbitrary code and trigger memory leaks.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | CVE-2023-29308 |
| Out-of-bounds Read (CWE-125) | Memory leak | Critical | CVE-2023-29309 |
| Out-of-bounds Read (CWE-125) | Memory leak | Critical | CVE-2023-29310 |
| Out-of-bounds Read (CWE-125) | Memory leak | Critical | CVE-2023-29311 |
| Out-of-bounds Read (CWE-125) | Memory leak | Critical | CVE-2023-29312 |
| Out-of-bounds Read (CWE-125) | Memory leak | Critical | CVE-2023-29313 |
| Out-of-bounds Read (CWE-125) | Memory leak | Critical | CVE-2023-29314 |
| Out-of-bounds Read (CWE-125) | Memory leak | Critical | CVE-2023-29315 |
| Out-of-bounds Read (CWE-125) | Memory leak | Critical | CVE-2023-29316 |
| Out-of-bounds Read (CWE-125) | Memory leak | Critical | CVE-2023-29317 |
| Out-of-bounds Read (CWE-125) | Memory leak | Critical | CVE-2023-29318 |
| Out-of-bounds Read (CWE-125) | Memory leak | Critical | CVE-2023-29319 |

Affected Versions

| Product | Affected version | Platform |
|---|---|---|
| Adobe InDesign | ID18.3 and earlier versions | Windows and macOS |
| Adobe InDesign | ID17.4.1 and earlier versions | Windows and macOS |

Patched Versions

| Product | Updated version | Platform | Priority rating |
|---|---|---|---|
| Adobe InDesign | ID18.4 | Windows and macOS | 3 |
| Adobe InDesign | ID17.4.2 | Windows and macOS | 3 |

Adobe released further key details about the flaws and credited security researchers for reporting the vulnerabilities.

Source credit : cybersecuritynews.com
