CVE-2022-28831
📋 TL;DR
Adobe InDesign versions 17.1 and earlier (macOS/Windows) and 16.4.1 and earlier (macOS/Windows) contain an out-of-bounds write vulnerability that could allow arbitrary code execution when a user opens a malicious file. Attackers could gain the same privileges as the current user, potentially leading to system compromise. This affects all users running vulnerable versions of Adobe InDesign.
💻 Affected Systems
- Adobe InDesign
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the victim's computer, data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation leading to data exfiltration, malware installation, or persistence mechanisms being established on the compromised system.
If Mitigated
Limited impact with proper application sandboxing, least privilege principles, and network segmentation preventing lateral movement.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). No public exploit code available at disclosure time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.2 (macOS/Windows) and 16.4.2 (macOS/Windows)
Vendor Advisory: https://helpx.adobe.com/security/products/indesign/apsb22-23.html
Restart Required: Yes
Instructions:
1. Open Adobe InDesign.
2. Go to Help > Updates.
3. Install available updates.
4. Alternatively, download from Adobe Creative Cloud desktop app or Adobe website.
5. Restart computer after installation.
🔧 Temporary Workarounds
Disable InDesign file associations
Prevent automatic opening of .indd files by changing default file associations
Windows: Control Panel > Default Programs > Associate a file type or protocol with a program
macOS: Right-click .indd file > Get Info > Open with > Change All
Application sandboxing
Run InDesign with reduced privileges using application sandboxing tools
Windows: Use Windows Sandbox or third-party sandboxing tools
macOS: Use built-in sandboxing features or third-party solutions
🧯 If You Can't Patch
- Implement strict file handling policies: block or quarantine .indd files from untrusted sources
- Use application control solutions to restrict InDesign execution to trusted directories only
🔍 How to Verify
Check if Vulnerable:
Check InDesign version via Help > About InDesign. If version is 17.1 or earlier (macOS/Windows) or 16.4.1 or earlier (macOS/Windows), system is vulnerable.
Check Version:
Windows: wmic product where name="Adobe InDesign" get version
macOS: /Applications/Adobe\ InDesign\ */Adobe\ InDesign.app/Contents/MacOS/Adobe\ InDesign -v
Verify Fix Applied:
Verify version is 17.2 or later (macOS/Windows) or 16.4.2 or later (macOS/Windows) via Help > About InDesign.
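The two release branches have different fixed versions, so a single "greater than" comparison misclassifies hosts (16.4.2 is patched, 17.0 is not). The following is an added example, not Adobe's or this page's own code: a branch-aware check over an inventory of version strings. The function names, hostnames and sample strings are constructed, and it assumes that major versions above 17 carry the fix and that "and earlier" covers majors below 16.

```python
import re

# Fixed releases per the advisory text above: 17.2 on the 17.x branch,
# 16.4.2 on the 16.x branch.
FIXED_BY_MAJOR = {17: (17, 2, 0), 16: (16, 4, 2)}


def parse_version(text):
    """Return (major, minor, patch) from strings like '17.1' or '16.4.1.3'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def is_vulnerable(version_text):
    """True if the version predates the fix for its release branch."""
    v = parse_version(version_text)
    major = v[0]
    if major > max(FIXED_BY_MAJOR):
        return False  # assumption: later major releases ship the fix
    if major in FIXED_BY_MAJOR:
        return v < FIXED_BY_MAJOR[major]
    return True  # assumption: "and earlier" covers majors below 16


def triage(inventory):
    """Map host -> 'VULNERABLE' / 'patched' / 'unknown' for an inventory dict."""
    result = {}
    for host, raw in inventory.items():
        try:
            result[host] = "VULNERABLE" if is_vulnerable(raw) else "patched"
        except ValueError:
            result[host] = "unknown"  # no parseable version: check by hand
    return result


# Constructed sample inventory (hostnames and strings are made up).
SAMPLE = {
    "design-01": "17.1",
    "design-02": "17.2.1",
    "design-03": "16.4.1",
    "design-04": "16.4.2",
    "design-05": "Adobe InDesign 2022 17.0.1.105",
    "design-06": "not installed",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```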
📡 Detection & Monitoring
Log Indicators:
- Unexpected InDesign crashes with memory access violations
- Multiple failed attempts to open corrupted .indd files
- Process creation from InDesign with unusual command-line arguments
Network Indicators:
- Outbound connections from InDesign process to suspicious IPs
- DNS requests for known malicious domains from InDesign
SIEM Query:
process_name:"InDesign.exe" AND (event_id:1000 OR event_id:1001) AND exception_code:0xc0000005