Severity
Medium
Analysis Summary
CVE-2024-49512 CVSS:5.5
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-49511 CVSS:5.5
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-49510 CVSS:5.5
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-49509 CVSS:7.8
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-49508 CVSS:7.8
InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-49507 CVSS:7.8
InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47458 CVSS:5.5
Bridge versions 13.0.9, 14.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47454 CVSS:5.5
Illustrator versions 28.7.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47456 CVSS:5.5
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47455 CVSS:5.5
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Impact
- Denial of Service
- Security Bypass
- Buffer Overflow
- Code Execution
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-49512
- CVE-2024-49511
- CVE-2024-49510
- CVE-2024-49509
- CVE-2024-49508
- CVE-2024-49507
- CVE-2024-47458
- CVE-2024-47454
- CVE-2024-47456
- CVE-2024-47455
Affected Vendors
- Adobe
Affected Products
- Adobe InDesign ID18.5.2
- Adobe InDesign ID18.5.3
- Adobe InDesign ID19.5
- Adobe Bridge 13.0.9
- Adobe Bridge 14.1.2
- Adobe Illustrator 2024 28.7.1
Remediation
Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.
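To find hosts still running an affected build, the script below checks a software inventory against the version ceilings listed in this advisory. It is an added example, not part of the original advisory or any Adobe tooling. The inventory format, the hostnames, and the reading of "and earlier" as a ceiling per major release branch are assumptions.

```python
# Affected-version ceilings per CVE, transcribed from the advisory text above.
# Each ceiling means "this version and earlier" on its major release branch.
AFFECTED = {
    "indesign": {
        ("18.5.3", "19.5"): ["CVE-2024-49512", "CVE-2024-49511",
                             "CVE-2024-49510", "CVE-2024-49509"],
        ("18.5.2", "19.5"): ["CVE-2024-49508", "CVE-2024-49507"],
    },
    "bridge": {("13.0.9", "14.1.2"): ["CVE-2024-47458"]},
    "illustrator": {("28.7.1",): ["CVE-2024-47454", "CVE-2024-47456",
                                  "CVE-2024-47455"]},
}

def parse(version):
    """'ID19.5' or '28.7.1' -> (19, 5, 0), padded to three components."""
    v = version.strip().upper()
    parts = [int(p) for p in (v[2:] if v.startswith("ID") else v).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version, ceilings):
    v = parse(version)
    tops = sorted(parse(c) for c in ceilings)
    same_branch = [t for t in tops if t[0] == v[0]]
    if same_branch:
        return v <= same_branch[0]
    # Assumption: a major release older than the newest listed branch, with no
    # ceiling of its own, falls under "and earlier"; newer majors do not.
    return v[0] < tops[-1][0]

def exposure(inventory):
    """inventory: iterable of (host, product, version) -> {host: [CVE, ...]}."""
    findings = {}
    for host, product, version in inventory:
        for ceilings, cves in AFFECTED.get(product.lower(), {}).items():
            if is_affected(version, ceilings):
                findings.setdefault(host, []).extend(cves)
    return {h: sorted(set(c)) for h, c in findings.items()}

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE = [
    ("ws-01", "InDesign", "ID18.5.3"),
    ("ws-02", "InDesign", "ID19.5.1"),
    ("ws-03", "Bridge", "14.1.2"),
    ("ws-04", "Illustrator", "27.9"),
    ("ws-05", "InDesign", "18.5.2"),
]

if __name__ == "__main__":
    print(exposure(SAMPLE))
```

Hosts absent from the result have no matching affected version under these assumptions; confirm fixed versions against the Adobe Security Advisory before closing a finding.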