Login Sign Up

CVE-2020-9729

7.8 HIGH

📋 TL;DR

This memory corruption vulnerability in Adobe InDesign allows attackers to execute arbitrary code by tricking users into opening malicious .indd files. It affects all users running vulnerable versions of InDesign, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • Adobe InDesign
Versions: 15.1.1 and earlier versions
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable when processing .indd files.

📦 What is this software?

Indesign by Adobe

View all CVEs affecting Indesign →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining the same privileges as the logged-in user, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation leading to data exfiltration, credential harvesting, or lateral movement within the network.

🟢

If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only causing application crashes.

🌐 Internet-Facing: LOW - Exploitation requires user interaction to open malicious files, not directly accessible via network services.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires social engineering.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious file, but memory corruption vulnerabilities can be reliably exploited by skilled attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 15.1.2 or later

Vendor Advisory: https://helpx.adobe.com/security/products/indesign/apsb20-52.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application 2. Navigate to 'Apps' tab 3. Find InDesign and click 'Update' 4. Restart computer after installation completes

🔧 Temporary Workarounds

Disable .indd file association

all

Prevent InDesign from automatically opening .indd files by changing file associations

Windows: Control Panel > Default Programs > Associate a file type or protocol with a program
macOS: Right-click .indd file > Get Info > Open With > Change

🧯 If You Can't Patch

  • Restrict user privileges to standard user accounts (not administrator)
  • Implement application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check InDesign version via Help > About InDesign. If version is 15.1.1 or earlier, system is vulnerable.

Check Version:

Windows: wmic product where name='Adobe InDesign' get version
macOS: /Applications/Adobe\ InDesign\ CC\ 2019/Adobe\ InDesign\ CC\ 2019.app/Contents/MacOS/Adobe\ InDesign\ CC\ 2019 -v

Verify Fix Applied:

Verify InDesign version is 15.1.2 or later via Help > About InDesign.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of InDesign.exe (Windows) or Adobe InDesign (macOS)
  • Unexpected child processes spawned from InDesign

Network Indicators:

  • Outbound connections from InDesign process to unknown IPs
  • DNS queries for suspicious domains from InDesign process

SIEM Query:

process_name:indesign.exe AND (event_id:1000 OR parent_process:explorer.exe AND child_process:cmd.exe)

📊 Metadata

CVE ID: CVE-2020-9729
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-788
Published: September 10, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-9729, you might also want to check these:

CVE-2021-27384 9.8

This vulnerability allows remote attackers to execute arbitrary code on affected Siemens industrial ...

Same vulnerability type (CWE-788)
CVE-2021-21104 8.8

CVE-2021-21104 is a memory corruption vulnerability in Adobe Illustrator that allows remote code exe...

Same vulnerability type (CWE-788)
CVE-2024-20402 8.6

A memory management flaw in Cisco ASA and FTD SSL VPN allows unauthenticated remote attackers to tri...

Same vulnerability type (CWE-788)