Multiple Critical Adobe Security Flaws Let Attackers Execute Arbitrary Code
Adobe addressed high-severity security issues in ColdFusion and InDesign. Customers should install the security updates immediately to ensure system security.
Stay informed and prioritize security maintenance to address potential threats.
Attackers can exploit the vulnerabilities to execute arbitrary code, trigger memory leaks, and bypass security features.
Adobe ColdFusion | APSB23-40
ColdFusion, developed by Adobe, is a platform for creating and deploying web and mobile applications.
Adobe released updates for ColdFusion versions 2023, 2021, and 2018 to resolve the Improper Access Control and Deserialization of Untrusted Data vulnerabilities.
There are flaws in ColdFusion that could enable an attacker to execute arbitrary code and bypass security features.
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
---|---|---|---|
Improper Access Control (CWE-284) | Security feature bypass | Crucial | CVE-2023-29298 |
Deserialization of Untrusted Data (CWE-502) | Arbitrary code execution | Crucial | CVE-2023-29300 |
Improper Restriction of Excessive Authentication Attempts (CWE-307) | Security feature bypass | Crucial | CVE-2023-29301 |
Affected versions
Product | Update number |
---|---|
ColdFusion 2018 | Update 16 and earlier versions |
ColdFusion 2021 | Update 6 and earlier versions |
ColdFusion 2023 | GA Release (2023.0.0.330468) |
Fixed Version
Product | Updated Version |
---|---|
ColdFusion 2018 | Update 17 |
ColdFusion 2021 | Update 7 |
ColdFusion 2023 | Update 1 |
Adobe InDesign | APSB23-38
InDesign by Adobe is a tool for producing digital media such as flyers, posters, stationery, slideshows, and much more.
Update Adobe InDesign to guard against security vulnerabilities that could be exploited by attackers to execute arbitrary code and trigger memory leaks.
Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
---|---|---|---|
Out-of-bounds Write (CWE-787) | Arbitrary code execution | Crucial | CVE-2023-29308 |
Out-of-bounds Read (CWE-125) | Memory leak | Crucial | CVE-2023-29309 |
Out-of-bounds Read (CWE-125) | Memory leak | Crucial | CVE-2023-29310 |
Out-of-bounds Read (CWE-125) | Memory leak | Crucial | CVE-2023-29311 |
Out-of-bounds Read (CWE-125) | Memory leak | Crucial | CVE-2023-29312 |
Out-of-bounds Read (CWE-125) | Memory leak | Crucial | CVE-2023-29313 |
Out-of-bounds Read (CWE-125) | Memory leak | Crucial | CVE-2023-29314 |
Out-of-bounds Read (CWE-125) | Memory leak | Crucial | CVE-2023-29315 |
Out-of-bounds Read (CWE-125) | Memory leak | Crucial | CVE-2023-29316 |
Out-of-bounds Read (CWE-125) | Memory leak | Crucial | CVE-2023-29317 |
Out-of-bounds Read (CWE-125) | Memory leak | Crucial | CVE-2023-29318 |
Out-of-bounds Read (CWE-125) | Memory leak | Crucial | CVE-2023-29319 |
Affected Versions
Product | Affected version | Platform |
---|---|---|
Adobe InDesign | ID18.3 and earlier version. | Windows and macOS |
Adobe InDesign | ID17.4.1 and earlier version. | Windows and macOS |
Patched Versions
Product | Updated version | Platform | Priority rating |
---|---|---|---|
Adobe InDesign | ID18.4 | Windows and macOS | 3 |
Adobe InDesign | ID17.4.2 | Windows and macOS | 3 |
Adobe released further important details about the flaws and credited security researchers for reporting the vulnerabilities.
Source credit : cybersecuritynews.com