CVE-2021-45057: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign version 16.4 and earlier versions were found to contain an out-of-bounds write vulnerability, identified as CVE-2021-45057. The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed on January 13, 2022. This security flaw affects Adobe InDesign installations on both Windows and macOS operating systems (NVD).

The vulnerability is classified as an out-of-bounds write (CWE-787) that could potentially lead to arbitrary code execution in the context of the current user. The severity of this vulnerability is rated as HIGH with a CVSS 3.1 base score of 7.8 (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Under CVSS 2.0, it received a MEDIUM score of 6.8 (Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The potential impact includes compromise of system confidentiality, integrity, and availability, as indicated by the high ratings in the CVSS scoring (NVD).

Adobe has addressed this vulnerability in their security advisory. Users are advised to update their Adobe InDesign installations to versions newer than 16.4 to mitigate this security risk (Adobe Advisory).