Detections
Analytics
Adobe InDesign Server RunScript Arbitrary Command Execution
high Nessus Plugin ID 65127
Language:
Synopsis
A web service running on the remote host has a command execution vulnerability.Description
The version of Adobe InDesign Server running on the remote host has an arbitrary command execution vulnerability. When the SOAP service is enabled, it processes requests for the RunScript method without requiring authentication. This method can be used to execute arbitrary VBScript on Windows, or AppleScript on Mac OS. A remote, unauthenticated attacker could exploit this to execute arbitrary code.Solution
There is no known solution at this time.Plugin Details
Severity: High
ID: 65127
File Name: adobe_indesign_soap_runscript_rce.nasl
Version: 1.5
Type: remote
Family: CGI abuses
Published: 3/8/2013
Updated: 1/19/2021
Supported Sensors: Nessus
Vulnerability Information
CPE: cpe:/a:adobe:indesign
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Vulnerability Publication Date: 11/16/2012
Exploitable With
Metasploit (Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution)
Reference Information
BID: 56574
Secunia: 48572