Adobe InCopy up to 16.4.1/17.1 use after free

Summaryinfo

A vulnerability, which was classified as critical, was found in Adobe InCopy up to 16.4.1/17.1. The affected element is an unknown function. The manipulation results in use after free. This vulnerability was named CVE-2022-28835. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

Detailsinfo

A vulnerability was found in Adobe InCopy up to 16.4.1/17.1. It has been classified as critical. Affected is some unknown functionality. The manipulation with an unknown input leads to a use after free vulnerability. CWE is classifying the issue as CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

The weakness was presented 09/11/2023 as apsb22-28. The advisory is shared for download at helpx.adobe.com. This vulnerability is traded as CVE-2022-28835 since 04/08/2022. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available.

Upgrading eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• Adobe

Name

• InCopy

Version

• 16.4.0
• 16.4.1
• 17.0
• 17.1

License

• commercial

Website

• Vendor: https://www.adobe.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion