The version of Adobe InDesign installed on the remote Windows host is prior to 16.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-73 advisory.

  - Access of Memory Location After End of Buffer (CWE-788 (CVE-2021-40727)

  - Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by an Out-of-bounds Write     vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code     execution in the context of the current user. User interaction is required to exploit this vulnerability.
    (CVE-2021-39820)

  - Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds read     vulnerability that could result in arbitrary code execution in the context of the current user.
    Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.
    (CVE-2021-39821)

  - Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds     write vulnerability that could result in arbitrary code execution in the context of the current user.
    Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.
    (CVE-2021-39822)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Adobe InDesign 16.0 < 16.4.0 Multiple Arbitrary code execution (APSB21-73)

high Nessus Plugin ID 153437

Version 1.8