CVE-2024-49543
📋 TL;DR
A stack-based buffer overflow vulnerability in Adobe InDesign allows arbitrary code execution when a user opens a malicious file. This affects users running vulnerable versions of InDesign Desktop on Windows and macOS. Successful exploitation requires user interaction through opening a crafted file.
💻 Affected Systems
- Adobe InDesign Desktop
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local privilege escalation or malware installation on the affected workstation, compromising user data and potentially spreading within the network.
If Mitigated
Limited impact with proper application whitelisting and user training preventing malicious file execution.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file) and crafting a specific file format. No public exploits known at advisory publication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ID19.5.1 and ID18.5.5
Vendor Advisory: https://helpx.adobe.com/security/products/indesign/apsb24-97.html
Restart Required: Yes
Instructions:
1. Open Adobe InDesign. 2. Go to Help > Updates. 3. Install available updates to version 19.5.1 or 18.5.5. 4. Restart the application. Alternatively, download from Adobe Creative Cloud desktop app.
🔧 Temporary Workarounds
Restrict InDesign file handling
allConfigure system to open .indd files with alternative applications or require verification before opening.
User awareness training
allTrain users to only open InDesign files from trusted sources and verify file integrity.
🧯 If You Can't Patch
- Implement application control/whitelisting to restrict InDesign execution to necessary users only.
- Use email/web gateways to block suspicious InDesign file attachments and downloads.
🔍 How to Verify
Check if Vulnerable:
Check InDesign version via Help > About InDesign. If version is 19.5 or earlier, or 18.5.4 or earlier, system is vulnerable.Check Version:
On Windows: Check via Control Panel > Programs > Programs and Features. On macOS: Check via Applications folder > Right-click InDesign > Get Info.Verify Fix Applied:
Verify version is 19.5.1 or higher, or 18.5.5 or higher after update.📡 Detection & Monitoring
Log Indicators:
- Unexpected InDesign crashes
- Process creation from InDesign with unusual parameters
- File access to suspicious .indd files
Network Indicators:
- Outbound connections from InDesign process to unknown IPs post-file open
SIEM Query:
Process:indesign.exe AND (EventID:1000 OR ParentProcess:explorer.exe) AND CommandLine:*indd*