Adobe patches InDesign

An important library-loading vulnerability has been identified in Adobe InDesign CS5 7.0.2 and earlier, InDesign Server CS5 7.0.2 and earlier, and InCopy CS5 7.0.2 and earlier.

Exploitation of this vulnerability (CVE-2010-3153) could allow an attacker to load arbitrary libraries by tricking a user into opening a file located on a remote WebDAV or SMB share. Adobe recommends users update their product installations.

Users can utilize the product’s update mechanism. The default configuration is set to run automatic update checks on a regular schedule and can be manually activated by choosing Help > Check for Updates.

InDesign users on Windows can find the appropriate updates for versions CS5 7.0.3 and CS4 6.0.6 here:

• CS5 7.0.3
• CS4 6.0.6.

InDesign Server users on Windows can find the appropriate update for version CS5 7.0.3 here.

InCopy users on Windows can find the appropriate updates for versions CS5 7.0.3 and CS4 6.0.6 here:

• CS5 7.0.3
• CS4 6.0.6.