Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveAdobeCVE-2020-9729
HistorySep 10, 2020 - 7:15 p.m.

CVE-2020-9729

2020-09-1019:15:14
CWE-787
CWE-788
adobe
web.nvd.nist.gov
28
cve-2020-9729
memory corruption
indesign
vulnerability
code execution

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.9%

JSON

A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.

Affected configurations

Nvd
Vulners
Node
adobeindesignRange15.1.1
AND
applemacosMatch-
VendorProductVersionCPE
adobeindesign*cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "InDesign",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "15.1.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "None",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
prion 1
cvelist 1
openvas 2
adobe 1
nessus 1
threatpost 1
nvd
nvd
CVE-2020-9729
2020-09-10 19:15:14
prion
prion
Memory corruption
2020-09-10 19:15:00
cvelist
cvelist
CVE-2020-9729 Out-of-bounds memory access could lead to code execution
2020-09-10 18:29:21
openvas
openvas
Adobe InDesign Security Update (APSB20-52) - Windows
2020-09-10 00:00:00
Adobe InDesign Security Update (APSB20-52) - Mac OS X
2020-09-10 00:00:00
adobe
adobe
APSB20-52 Security updates available for InDesign
2020-09-08 00:00:00
nessus
nessus
Adobe InDesign CC < 15.1.2 Arbitrary Code Execution (APSB20-52) (macOS)
2020-09-16 00:00:00
threatpost
threatpost
Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
2020-09-08 16:52:23

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.9%

JSON
Related for CVE-2020-9729
nvd1prion1cvelist1openvas2adobe1nessus1threatpost1