FortiGuard Labs Discovers Multiple Critical Vulnerabilities in Adobe InDesign

FortiGuard Labs Threat Research Report

Affected platforms:  Windows and macOS
Impacted parties:     Users of Adobe InDesign 2020 versions 15.1.1 and below
Impact:                       Arbitrary Code Execution
Severity level:            Critical

This Tuesday (September 8, 2020), Adobe released a security update to address five critical vulnerabilities in their InDesign product. All of these zero-day vulnerabilities were recently discovered by FortiGuard Labs researcher Kexu Wang. The timeline can be found in each individual vulnerability advisory, below.

Adobe InDesign is a desktop publishing and typesetting software developed by Adobe Systems. It can be used to create works such as posters, flyers, brochures, magazines, newspapers, presentations, books, and ebooks. The five vulnerabilities FortiGuard Labs discovered in Adobe InDesign are identified as CVE-2020-9727, CVE-2020-9728, CVE-2020-9729, CVE-2020-9730, and CVE-2020-9731. 

Adobe InDesign Vulnerabilities Overview

Due to the critical rating of these vulnerabilities, we suggest users apply the related Adobe patches as soon as possible. Following are additional details for these vulnerabilities:

CVE-2020-9727

This Memory Corruption vulnerability exists in the decoding of INDD files in Adobe InDesign. Specifically, the vulnerability is caused by a malformed INDD file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the library ObjectModel.dll. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted INDD file.

Fortinet already released the following IPS signature for this specific vulnerability to proactively protect our customers before the patch became available: Adobe.InDesign.CVE-2020-9727.Memory.Corruption 

CVE-2020-9728

This Memory Corruption vulnerability exists in the decoding of INDD files in Adobe InDesign. Specifically, the vulnerability is caused by a malformed INDD file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the “DOCUMENT FRAMEWORK.RPLN” plugin. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted INDD file.

Fortinet already released the following IPS signature this specific vulnerability to proactively protect our customers before the patch became available: Adobe.InDesign.CVE-2020-9728.Memory.Corruption 

CVE-2020-9729

This Memory Corruption vulnerability exists in the decoding of INDD files in Adobe InDesign. Specifically, the vulnerability is caused by a malformed INDD file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the library Public.dll. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted INDD file.

Fortinet already released the following IPS signature for this specific vulnerability to proactively protect our customers before the patch became available: Adobe.InDesign.CVE-2020-9729.Memory.Corruption 

CVE-2020-9730

This Memory Corruption vulnerability exists in the decoding of INDD files in Adobe InDesign. Specifically, the vulnerability is caused by a malformed INDD file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the “DOCUMENT FRAMEWORK.RPLN” plugin. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted INDD file.

Fortinet already released the following IPS signature for this specific vulnerability to proactively protect our customers before the patch became available: Adobe.InDesign.CVE-2020-9730.Memory.Corruption 

CVE-2020-9731

This Memory Corruption vulnerability exists in the decoding of INDD files in Adobe InDesign. Specifically, the vulnerability is caused by a malformed INDD file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the library Public.dll. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted INDD file.

Fortinet already released the following IPS signature for this specific vulnerability to proactively protect our customers before the patch became available: Adobe.InDesign.CVE-2020-9731.Memory.Corruption 

FortiGuard Labs Commitment to Zero-Day Vulnerability Research

FortiGuard Labs is committed to ongoing threat research and analysis to provide critical threat intelligence to our customers and the cybersecurity community. The zero-day vulnerabilities outlined in this report are part of these efforts. While FortiGate IPS customers have updated IPS signatures for these vulnerabilities already in place, we strongly encourage all Adobe InDesign customers to apply these recently released patches as soon as possible. 

FortiGuard Labs’ dedicated zero-day vulnerability research team was formed in 2006 using a white hat ethical hacking approach. The goal of this program is to harden security by discovering zero-day vulnerabilities in software/hardware before black hat attackers do. By beating attackers at their own game, FortiGuard Labs is able to provide virtual patch protection for discovered flaws ­– usually through IPS or AV controls – before any patches are available.

FortiGuard Labs also has a robust responsible disclosure policy in place as part of our white hat ethical practice, meaning that any discovered zero-day vulnerability is reported to the affected vendor(s), enabling them to make appropriate changes before we make our research public. By doing so, FortiGuard Labs has created strong relationships with vendors, enabling us to work together to close security holes and harden products through proactive research. Unlike black hat or gray hat approaches of selling these vulnerabilities, FortiGuard Labs provides all research to affected vendors free of charge. We use this data solely to provide virtual patches to our customers using the Fortinet Security Fabric with FortiGuard subscription services. 

FortiGuard Labs continues to lead the industry in zero-day discoveries through this program. To date, we have discovered and reported over 892 vulnerabilities – ranging from the endpoint to the cloud – broadly covering the entire potential attack surface.

Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolioSign up for the weekly Threat Brief from FortiGuard Labs. 

Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet Network Security Expert programNetwork Security Academy program, and FortiVet program.

http://feeds.feedburner.com/fortinet/blog/threat-research