Adobe InDesign CS3 INDD File Handling Buffer Overflow Vulnerability

Title: Adobe InDesign CS3 INDD File Handling Buffer Overflow Vulnerability
Advisory ID: ZSL-2010-4941
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 04.06.2010
Adobe® InDesign® CS3 software provides precise control over typography and built-in creative tools for designing, preflighting, and publishing documents for print, online, or to mobile devices. Include interactivity, animation, video, and sound in page layouts to fully engage readers.
When parsing .indd files to the application, it crashes instantly overwriting memory registers. Depending on the offset, EBP, EDI, EDX and ESI gets overwritten. Potential vulnerability use is arbitrary code execution and denial of service.

Adobe Systems Incorporated -
Affected Version
CS3 10.0
Tested On
Microsoft Windows XP Professional SP3 (English)
Vendor Status
[16.09.2009] Vulnerability discovered.
[09.03.2010] Vulnerability reported to vendor with sent PoC files.
[21.03.2010] Asked confirmation from the vendor.
[21.03.2010] Vendor asked for PoC files due to communication errors.
[22.03.2010] Re-sent PoC files to vendor.
[04.04.2010] Vendor confirms vulnerability.
[03.06.2010] Vendor informs that they discontinued support for CS3 since CS5 is out.
[04.06.2010] Public advisory released.
Vulnerability discovered by Gjoko Krstic - <>
High five to Wendy and David
[04.06.2010] - Initial release
[05.06.2010] - Added reference [3], [4], [5], [6] and [7]
[06.06.2010] - Added reference [8], [9] and [10]
[07.06.2010] - Added reference [11]
[11.06.2010] - Added reference [12]
[14.06.2010] - Added reference [13]
Zero Science Lab