First published: Wed Oct 09 2024(Updated: )
InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary code in the context of the server. Exploitation of this issue requires user interaction.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Any of | ||
Adobe InDesign 2025 | <18.5.4 | |
Adobe InDesign 2025 | >=19.0<19.5 | |
Any of | ||
macOS | ||
Microsoft Windows Operating System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-45137 is classified with a high severity due to the potential for arbitrary code execution.
To fix CVE-2024-45137, update Adobe InDesign to at least version 18.5.4 or the latest version of 19.x.
Adobe InDesign versions 19.4 and 18.5.3 and earlier are vulnerable to CVE-2024-45137.
Exploiting CVE-2024-45137 could allow an attacker to execute arbitrary code on the affected systems.
CVE-2024-45137 affects Adobe InDesign on both macOS and Windows platforms.