PROBLEM:
Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands
PLATFORM:
CS5.5 7.5.0.142; possibly other versions
ABSTRACT:
Adobe InDesign Server "RunScript" SOAP Message Command Execution Vulnerability
REFERENCE LINKS:
Secunia Advisory SA48572
SecurityTracker Alert ID: 1027783
Adobe
IMPACT ASSESSMENT:
Medium
DISCUSSION:
A vulnerability was reported in Adobe InDesign Server. A remote user can execute arbitrary commands on the target system.
A remote user can send a specially crafted "RunScript" SOAP message to execute arbitrary shell commands on the target system.
Systems with the SOAP interface enabled are affected.
IMPACT:
A remote user can execute arbitrary shell commands on the target system.
SOLUTION:
No solution was available at the time of this entry.