CVE-2019-7107

EUVD-2019-16658
Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
adobeindesign
𝑥
≤ 14.0.1
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/107821
https://helpx.adobe.com/security/products/indesign/apsb19-23.html
http://www.securityfocus.com/bid/107821
https://helpx.adobe.com/security/products/indesign/apsb19-23.html