Release date:
Updated on: 2012-11-19
Affected Systems:
Adobe InDesign CS6 8.x
Adobe InDesign Server CS5 7.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56574
Adobe InDesign is a graphic design software.
Adobe InDesign Server CS5.5 7.5.0.142 and other versions do not properly restrict access to the SOAP interface components. using a specially crafted "RunScript" SOAP message, attackers can execute arbitrary shell commands. To exploit this vulnerability, you must enable the SOAP interface.
<* Source: Hans-Martin Muench
Link: http://secunia.com/advisories/48572/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Adobe
-----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.adobe.com/support/security/