CVE-2024-49547

5.5 MEDIUM

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in Adobe InDesign that could allow an attacker to read sensitive memory contents, which could in turn help bypass ASLR protections. Exploitation requires a user to open a malicious file. Affected users include anyone running vulnerable versions of InDesign Desktop.

💻 Affected Systems

Products:
  • Adobe InDesign Desktop
Versions: ID19.5, ID18.5.4 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could read sensitive memory contents, potentially extracting credentials, encryption keys, or other confidential data, and use this information to bypass ASLR for further exploitation.

🟠 Likely Case

Limited information disclosure from memory, potentially revealing some application data but unlikely to lead to full system compromise without additional vulnerabilities.

🟢 If Mitigated

With proper controls, the impact is minimal as exploitation requires user interaction and the vulnerability only allows reading, not writing, to memory.

🌐 Internet-Facing: LOW - Exploitation requires user interaction with malicious files, not network exposure.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files, but requires user interaction.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and knowledge of memory layout. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ID19.5.1 and ID18.5.5

Vendor Advisory: https://helpx.adobe.com/security/products/indesign/apsb24-97.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application.
2. Navigate to 'Apps' tab.
3. Find InDesign and click 'Update'.
4. Follow prompts to install latest version.
5. Restart computer after installation.

🔧 Temporary Workarounds

Restrict file opening (platforms: all)

Configure InDesign to only open trusted files or disable automatic opening of files

Application control (platforms: all)

Use application whitelisting to restrict execution of InDesign to trusted locations only

🧯 If You Can't Patch

  • Implement strict user training about opening untrusted InDesign files
  • Use endpoint detection and response (EDR) tools to monitor for suspicious file opening behavior

🔍 How to Verify

Check if Vulnerable:

Check the InDesign version via Help > About InDesign. If the version is ID19.5 or earlier, or ID18.5.4 or earlier, the system is vulnerable.

Check Version:

On Windows: Check via Creative Cloud app or InDesign Help menu. On macOS: InDesign > About InDesign

Verify Fix Applied:

Verify version is ID19.5.1 or later, or ID18.5.5 or later after patching.
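The check above is per release line: a plain "18.5.5 or later" comparison would wrongly pass ID19.0 through ID19.5. The following is an added example (not Adobe's or this page's code) that triages a constructed inventory against the fixed versions listed here. It assumes a two-part version such as ID19.5 means patch level 0, that any build number after the third component can be ignored, and that major lines newer than 19 are already fixed; the host names are made up.

```python
import re

# Fixed versions per major release line, as listed on this page.
FIXED = {19: (19, 5, 1), 18: (18, 5, 5)}


def parse_version(text):
    """Turn 'ID19.5', '19.5.1' or '18.5.4.0' into a 3-tuple of ints."""
    m = re.fullmatch(r"(?:ID)?\s*(\d+(?:\.\d+)*)", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised InDesign version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # assumption: 'ID19.5' means 19.5.0
    return tuple(parts[:3])          # assumption: build number is ignored


def is_vulnerable(text):
    version = parse_version(text)
    major = version[0]
    if major in FIXED:
        # Compare only against the fix for the same release line.
        return version < FIXED[major]
    # Older lines fall under "ID18.5.4 and earlier"; newer lines are
    # assumed to be later than ID19.5.1.
    return major < min(FIXED)


def triage(inventory):
    """Split hosts into those needing the update and those needing a manual check."""
    result = {"vulnerable": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        try:
            if is_vulnerable(version):
                result["vulnerable"].append(host)
        except ValueError:
            result["unparsed"].append(host)
    return result


# Constructed sample inventory (host name -> reported InDesign version).
INVENTORY = {
    "ws-01": "ID19.5", "ws-02": "19.5.1", "ws-03": "18.5.4", "ws-04": "18.5.5",
    "ws-05": "19.0", "ws-06": "17.4", "ws-07": "unknown",
}

if __name__ == "__main__":
    print(triage(INVENTORY))
```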

📡 Detection & Monitoring

Log Indicators:

  • Unexpected InDesign crashes
  • Large memory reads from InDesign process
  • Suspicious file opens in InDesign

Network Indicators:

  • None - this is a local file-based vulnerability

SIEM Query:

EventID=4688 AND ProcessName='indesign.exe' AND CommandLine CONTAINS suspicious.extension
