Multiple Critical Adobe Security Flaws Let Attacker to Execute Arbitrary Code

Adobe addressed critical security issues in ColdFusion and InDesign. Users should install security updates immediately to ensure system safety.

Stay informed and prioritize security maintenance to address potential threats.

Attackers can exploit the vulnerabilities to execute arbitrary code, cause memory leaks, and bypass features.

Adobe ColdFusion | APSB23-40

ColdFusion, developed by Adobe, is a platform for creating and deploying web and mobile applications.

Adobe released updates for ColdFusion versions 2023, 2021, and 2018 to resolve the Improper Access Control and Deserialization of Untrusted Data.

There are flaws in the ColdFusion that can allow an attacker to execute arbitrary code and bypass security features.

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Improper Access Control (CWE-284)Security feature bypass
Deserialization of Untrusted Data (CWE-502)Arbitrary code executionCriticalCVE-2023-29300
Improper Restriction of Excessive Authentication Attempts (CWE-307)Security feature bypassImportantCVE-2023-29301

Affected versions

ProductUpdate number
ColdFusion 2018Update 16 and earlier versions    
ColdFusion 2021Update 6 and earlier versions
ColdFusion 2023GA Release (2023.0.0.330468)

Fixed Version

ProductUpdated Version
ColdFusion 2018Update 17
ColdFusion 2021Update 7
ColdFusion 2023Update 1 

Adobe InDesign | APSB23-38

InDesign by Adobe is a tool for producing digital media like flyers, posters, stationery, slideshows, and other materials.

Update Adobe InDesign to protect against security vulnerabilities that can be exploited by attackers to execute arbitrary code and cause memory leaks.

Vulnerability CategoryVulnerability ImpactSeverityCVE Number
Out-of-bounds Write (CWE-787)Arbitrary code executionCriticalCVE-2023-29308
Out-of-bounds Read (CWE-125)Memory leakImportantCVE-2023-29309
Out-of-bounds Read (CWE-125)Memory leakImportantCVE-2023-29310
Out-of-bounds Read (CWE-125)Memory leakImportantCVE-2023-29311
Out-of-bounds Read (CWE-125)Memory leakImportantCVE-2023-29312
Out-of-bounds Read (CWE-125)Memory leakImportantCVE-2023-29313
Out-of-bounds Read (CWE-125)Memory leakImportantCVE-2023-29314
Out-of-bounds Read (CWE-125)Memory leakImportantCVE-2023-29315
Out-of-bounds Read (CWE-125)Memory leakImportantCVE-2023-29316
Out-of-bounds Read (CWE-125)Memory leakImportantCVE-2023-29317
Out-of-bounds Read (CWE-125)Memory leakImportantCVE-2023-29318
Out-of-bounds Read (CWE-125)Memory leakImportantCVE-2023-29319

Affected Versions

ProductAffected versionPlatform
Adobe InDesignID18.3 and earlier version.Windows and macOS 
Adobe InDesignID17.4.1 and earlier version.                                         Windows and macOS 

Patched Versions

ProductUpdated versionPlatformPriority rating
Adobe InDesignID18.4Windows and macOS3
Adobe InDesignID17.4.2Windows and macOS3

Adobe released further details about the flaw and credited security researchers for reporting the vulnerabilities.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.