CVE-2023-26368

7.8 HIGH

📋 TL;DR

Adobe InCopy has an out-of-bounds read vulnerability that could allow arbitrary code execution when a user opens a malicious file. Attackers could exploit this to run code with the victim's privileges. Users of Adobe InCopy versions 18.5 and earlier or 17.4.2 and earlier are affected.

💻 Affected Systems

Products:
  • Adobe InCopy
Versions: 18.5 and earlier, 17.4.2 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. Requires user to open malicious file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via arbitrary code execution with current user privileges, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Limited code execution leading to data exfiltration or malware installation on the affected workstation.

🟢 If Mitigated

No impact if users don't open untrusted files or if application is patched.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious file, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious documents.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and bypassing memory protections.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.5.1 or 17.4.3

Vendor Advisory: https://helpx.adobe.com/security/products/incopy/apsb23-60.html

Restart Required: Yes

Instructions:

1. Open Adobe InCopy.
2. Go to Help > Check for Updates.
3. Follow prompts to install update.
4. Restart application.

🔧 Temporary Workarounds

Restrict file opening

all

Configure application to only open trusted files or disable automatic opening of InCopy documents.

Application control

all

Use application whitelisting to prevent execution of malicious code.

🧯 If You Can't Patch

  • Implement strict email filtering to block malicious attachments
  • Educate users to never open untrusted InCopy files from unknown sources

🔍 How to Verify

Check if Vulnerable:

Check Adobe InCopy version via Help > About Adobe InCopy. If version is 18.5 or earlier, or 17.4.2 or earlier, system is vulnerable.

Check Version:

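On Windows (pattern match, because the installed product name usually carries a release year): wmic product where "name like 'Adobe InCopy%'" get name,version
On macOS (reads the bundle version without launching the application): defaults read "/Applications/Adobe InCopy 2023/Adobe InCopy 2023.app/Contents/Info" CFBundleShortVersionString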

Verify Fix Applied:

Verify version is 18.5.1 or higher, or 17.4.3 or higher after update.
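
To apply the check above across a software inventory rather than one machine at a time, the following added example (not from Adobe or the original page) classifies reported version strings against the fixed builds 18.5.1 and 17.4.3. The host names and build strings in SAMPLE are constructed, and treating major versions above 18 as patched is an assumption based on this page listing only the 17.x and 18.x branches as affected.

```python
import re

# Fixed builds per release branch, taken from this page (APSB23-60).
FIXED = {18: (18, 5, 1), 17: (17, 4, 3)}

def parse_version(text):
    """Return the first three numeric components, zero-padded, or None."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(version_text):
    """Map a reported InCopy version to 'vulnerable', 'patched' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    if v[0] > 18:
        return "patched"  # assumption: newer than every branch listed as affected
    # 18.x is judged against 18.5.1; 17.x and anything older against 17.4.3.
    fixed = FIXED[18] if v[0] == 18 else FIXED[17]
    return "vulnerable" if v < fixed else "patched"

def triage(inventory):
    """inventory: iterable of (host, version string); returns hosts by status."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return report

# Constructed sample inventory (hypothetical hosts and build strings).
SAMPLE = [
    ("ws-001", "18.5"),           # short form of 18.5.0
    ("ws-002", "18.5.0.57"),      # four-part build string
    ("ws-003", "18.5.1"),
    ("ws-004", "17.4.2"),
    ("ws-005", "17.4.3.1"),
    ("ws-006", "16.4"),           # older than both listed branches
    ("ws-007", "not installed"),  # unparseable: needs manual review
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts that land in "unknown" returned something other than a dotted version number and should be checked by hand.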

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected file opening events

Network Indicators:

  • Unusual outbound connections after opening InCopy files

SIEM Query:

source="*incopy*" AND (event_type="crash" OR (file_path="*.inc*" AND user_action="open"))
