CVE-2018-4928

HIGH

Adobe InDesign < 13.0 - Memory Corruption leading to Arbitrary Code Execution

Title source: llm
STIX 2.1

Description

Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103714

Scores

CVSS v3 7.8
EPSS 0.0442
EPSS Percentile 90.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (1)
adobe/indesign < 13.0
Published May 19, 2018
Tracked Since Feb 18, 2026