Adobe Security Bulletin

Security updates available for InDesign | APSB17-38

Bulletin ID	Date Published	Priority
APSB17-38	November 14, 2017	3

Adobe has released an update for InDesign for Windows and Macintosh. This update addresses a critical memory corruption vulnerability due to improper handling of a malformed .inx file.

Product	Affected version	Platform
InDesign	12.1.0 and earlier versions	Windows and Macintosh

Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:

Product	Updated version	Platform	Priority rating	Availability
InDesign	13.0	Windows and Macintosh	3	Release Notes

For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.

Vulnerability Category	Vulnerability Impact	Severity	CVE Number
Memory Corruption	Remote Code Execution	Critical	CVE-2017-11302

Adobe would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue and for working with Adobe to help protect our customers.

Adobe Security Bulletin

Summary

Affected versions

Solution

Vulnerability Details

Acknowledgments

Ask the Community

Contact Us