You are here

V-027: Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands

November 19, 2012 - 2:30am

Addthis

PROBLEM:

Adobe InDesign Server SOAP Interface Lets Remote Users Execute Arbitrary Commands

PLATFORM:

CS5.5 7.5.0.142; possibly other versions

ABSTRACT:

Adobe InDesign Server "RunScript" SOAP Message Command Execution Vulnerability

REFERENCE LINKS:

Secunia Advisory  SA48572
SecurityTracker Alert ID:  1027783
Adobe

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A vulnerability was reported in Adobe InDesign Server. A remote user can execute arbitrary commands on the target system.

A remote user can send a specially crafted "RunScript" SOAP message to execute arbitrary shell commands on the target system.

Systems with the SOAP interface enabled are affected.

IMPACT:

A remote user can execute arbitrary shell commands on the target system.

SOLUTION:

No solution was available at the time of this entry.
 

Addthis