Lucene search
AdobeCVELIST:CVE-2020-9727HistorySep 10, 2020 - 6:29 p.m.
CVE-2020-9727 Out-of-bounds memory access could lead to code execution
2020-09-1018:29:34
CWE-788
adobe
www.cve.org
6
memory corruption
indesign
vulnerability
code execution
user context
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
39.9%
A memory corruption vulnerability exists in InDesign 15.1.1 (and earlier versions). Insecure handling of a malicious indd file could be abused to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.
CNA Affected
[
{
"product": "InDesign",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "15.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2020-9727
2020-09-10 19:15:13
prion
prion
Memory corruption
2020-09-10 19:15:00
cve
cve
CVE-2020-9727
2020-09-10 19:15:13
openvas
openvas
Adobe InDesign Security Update (APSB20-52) - Windows
2020-09-10 00:00:00
Adobe InDesign Security Update (APSB20-52) - Mac OS X
2020-09-10 00:00:00
adobe
adobe
APSB20-52 Security updates available for InDesign
2020-09-08 00:00:00
nessus
nessus
Adobe InDesign CC < 15.1.2 Arbitrary Code Execution (APSB20-52) (macOS)
2020-09-16 00:00:00
threatpost
threatpost
Critical Adobe Flaws Allow Attackers to Run JavaScript in Browsers
2020-09-08 16:52:23
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
39.9%
Related for CVELIST:CVE-2020-9727