1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Adobe InDesign Server Arbitrary Script Execution

Attack: Adobe InDesign Server Arbitrary Script Execution

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to execute arbitrary script in InDesign Server.

Additional Information

Adobe InDesign is a graphics and content design application used to create posters, flyers, brochures, magazines, and books.

Adobe InDesign is prone to a remote command-execution vulnerability because it fails to restrict access to the SOAP interface component. An attacker can be exploit this issue to execute arbitrary shell commands through a specially crafted 'RunScript' SOAP message.

Successful exploits will allow attackers to execute arbitrary commands in the context of the affected application.

Affected

  • Adobe InDesign CS6 Server

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube