Security bulletin

Security update available for InDesign

Release date: October 18, 2010

Vulnerability identifier: APSB10-24

CVE number: CVE-2010-3153

Platform: Windows

Summary

An important library-loading vulnerability has been identified in Adobe InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier. Adobe recommends users update their product installations using the instructions provided below.

Affected software versions

  • Adobe InDesign CS5 7.0.2 and earlier versions for Windows
  • Adobe InDesign Server CS5 7.0.2 and earlier versions for Windows
  • Adobe InCopy CS5 7.0.2 and earlier versions for Windows

Solution

Adobe recommends users update their software installations by following the instructions below:

Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Users can also find the appropriate update(s) here:

InDesign:
InDesign users on Windows can find the appropriate updates for versions CS5 7.0.3 and CS4 6.0.6 here:
CS5 7.0.3: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4872
CS4 6.0.6: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4877

InDesign Server:
InDesign Server users on Windows can find the appropriate update for version CS5 7.0.3 here: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4880

InCopy:
InCopy users on Windows can find the appropriate updates for versions CS5 7.0.3 and CS4 6.0.6 here:
CS5 7.0.3: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4873
CS4 6.0.6: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4876

Severity rating

Adobe categorizes this as an important update and recommends that users apply the latest update for their product installation by following the instructions in the "Solution" section above.

Details

An important library-loading vulnerability has been identified in Adobe InDesign CS5 7.0.2 and earlier, InDesign Server CS5 7.0.2 and earlier, and InCopy CS5 7.0.2 and earlier. Exploitation of this vulnerability (CVE-2010-3153) could allow an attacker to load arbitrary libraries by tricking a user into opening a file located on a remote WebDAV or SMB share. Adobe recommends users update their product installations using the instructions provided in the "Solution" section above.
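
Added example, not part of Adobe's bulletin: a defender-side check that flags library loads from SMB or WebDAV shares by the affected applications, run over constructed image-load events. The executable names, the event layout and the sample hosts are assumptions, not values from the bulletin.

```python
import csv
import io
import ntpath

# Assumed executable names for the affected products (not given in the bulletin).
WATCHED = {"indesign.exe", "indesignserver.exe", "incopy.exe"}

# Constructed sample image-load events: process image path, loaded module path.
SAMPLE_EVENTS = r"""process,module
C:\Program Files\Adobe\Adobe InDesign CS5\InDesign.exe,C:\Windows\System32\version.dll
C:\Program Files\Adobe\Adobe InDesign CS5\InDesign.exe,\\fileserver.example\projects\example.dll
C:\Program Files\Adobe\Adobe InCopy CS5\InCopy.exe,\\dav.example@SSL\DavWWWRoot\docs\example.dll
C:\Windows\explorer.exe,\\fileserver.example\projects\example.dll
C:\Program Files\Adobe\Adobe InDesign CS5\InDesign.exe,\\?\UNC\fileserver.example\projects\example.dll
"""


def is_remote_path(path):
    # UNC paths cover both SMB shares and the WebDAV redirector
    # (\\host@SSL\DavWWWRoot\...). The long-path UNC prefix is remote too,
    # while other \\?\ and \\.\ prefixes name local devices or drives.
    p = path.replace("/", "\\").lower()
    if p.startswith("\\\\?\\unc\\"):
        return True
    return p.startswith("\\\\") and not p.startswith(("\\\\?\\", "\\\\.\\"))


def find_remote_library_loads(event_text, watched=WATCHED):
    # Return (process name, module path) for every watched process that
    # loaded a module from a remote share.
    hits = []
    for row in csv.DictReader(io.StringIO(event_text)):
        proc = ntpath.basename(row["process"]).lower()
        if proc in watched and is_remote_path(row["module"]):
            hits.append((proc, row["module"]))
    return hits


if __name__ == "__main__":
    for proc, module in find_remote_library_loads(SAMPLE_EVENTS):
        print(f"remote library load: {proc} <- {module}")
```

A path-only check cannot see shares mounted as drive letters; resolving those needs the host's drive mappings at the time of the event.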