Login Sign Up

CVE-2020-9731

7.8 HIGH

📋 TL;DR

This CVE describes a memory corruption vulnerability in Adobe InDesign where malicious .indd files can trigger out-of-bounds memory access. Successful exploitation could allow attackers to execute arbitrary code with the privileges of the current user. Users of Adobe InDesign versions 15.1.1 and earlier are affected.

💻 Affected Systems

Products:
  • Adobe InDesign
Versions: 15.1.1 and earlier versions
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable when processing .indd files.

📦 What is this software?

Indesign by Adobe

View all CVEs affecting Indesign →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Local privilege escalation or malware installation through social engineering attacks with malicious files.

🟢

If Mitigated

Limited impact with proper file handling restrictions and user awareness training.

🌐 Internet-Facing: LOW - Exploitation requires user interaction with malicious files, not directly internet-exposed services.
🏢 Internal Only: MEDIUM - Internal users could be targeted via email attachments or network shares containing malicious .indd files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. No public exploit code was available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 15.1.2 or later

Vendor Advisory: https://helpx.adobe.com/security/products/indesign/apsb20-52.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application. 2. Navigate to 'Apps' tab. 3. Find Adobe InDesign and click 'Update'. 4. Alternatively, download installer from Adobe website. 5. Restart computer after installation.

🔧 Temporary Workarounds

Restrict .indd file handling

all

Configure system to open .indd files only with trusted applications or block them at perimeter.

User awareness training

all

Educate users to avoid opening .indd files from untrusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized InDesign instances
  • Use email filtering to block .indd attachments from external sources

🔍 How to Verify

Check if Vulnerable:

Check InDesign version via Help > About InDesign. If version is 15.1.1 or earlier, system is vulnerable.

Check Version:

On Windows: Check registry at HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\InDesign\15.0\Installation. On macOS: Check /Applications/Adobe InDesign CC 2019/Adobe InDesign CC 2019.app/Contents/Info.plist

Verify Fix Applied:

Verify InDesign version is 15.1.2 or later via Help > About InDesign.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of InDesign.exe or InDesign process
  • Unexpected child processes spawned from InDesign

Network Indicators:

  • Unusual outbound connections from InDesign process

SIEM Query:

process_name:"InDesign.exe" AND (event_type:"process_crash" OR parent_process:"InDesign.exe")

📊 Metadata

CVE ID: CVE-2020-9731
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-788
Published: September 10, 2020
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-9731, you might also want to check these:

CVE-2021-27384 9.8

This vulnerability allows remote attackers to execute arbitrary code on affected Siemens industrial ...

Same vulnerability type (CWE-788)
CVE-2021-21104 8.8

CVE-2021-21104 is a memory corruption vulnerability in Adobe Illustrator that allows remote code exe...

Same vulnerability type (CWE-788)
CVE-2024-20402 8.6

A memory management flaw in Cisco ASA and FTD SSL VPN allows unauthenticated remote attackers to tri...

Same vulnerability type (CWE-788)