Adobe InDesign Server SOAP interface RunScript command execution
Added: 02/04/2013
BID: 56574
OSVDB: 87548
Background
Adobe InDesign is a desktop publishing application. It includes a server interface providing an API for software developers using SOAP.
Problem
The SOAP interface in Adobe InDesign Server allows remote, unauthenticated attackers to run arbitrary commands contained in a RunScript SOAP message.
Resolution
No patches were available at the time of this writing. Disable the Adobe InDesign Server or block access to port 12345/TCP at the firewall.
References
http://secunia.com/advisories/48572/
Limitations
Exploit works on Adobe InDesign Server CS6 8.0.0.370 on Windows Server 2008 R2 SP1 (DEP OptOut).
Platforms
Windows
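The firewall mitigation from the Resolution section, as an added example that is not part of the original advisory: a PowerShell session, run elevated on the InDesign Server host, that checks for a listener on 12345/TCP and adds an inbound Windows Firewall block rule. The rule name is an arbitrary choice made for this example; the port is the one named above and should be changed if the server was started on a different one.

```powershell
# Assumed values: port taken from the advisory; rule name is arbitrary (no spaces,
# so it passes through to netsh without quoting problems).
$Port     = 12345
$RuleName = "Block-InDesignServer-SOAP-$Port"

# 1. Is anything listening on the port, and on which local address?
#    A listener bound to 0.0.0.0 or a routable address is reachable from the network;
#    the last column is the owning PID.
netstat -ano -p TCP |
    Where-Object { $_ -match ":$Port\s" -and $_ -match 'LISTENING' }

# 2. Add an inbound block rule covering every firewall profile.
netsh advfirewall firewall add rule name=$RuleName dir=in action=block `
    protocol=TCP localport=$Port profile=any

# 3. Confirm the rule exists and is enabled.
netsh advfirewall firewall show rule name=$RuleName

# 4. Confirm the firewall itself is on for each profile.
#    A block rule has no effect on a profile whose State is OFF.
netsh advfirewall show allprofiles state
```

Block rules take precedence over allow rules in Windows Firewall, so this rule also cuts off legitimate SOAP clients on other hosts until it is removed with `netsh advfirewall firewall delete rule name=$RuleName`.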