CVE-2021-45058: 
Adobe InDesign vulnerability analysis and mitigation

Adobe InDesign version 16.4 and earlier versions were found to contain an out-of-bounds write vulnerability (CVE-2021-45058). The vulnerability was discovered by Mat Powell of Trend Micro Zero Day Initiative and was publicly disclosed on January 13, 2022. This security flaw affects Adobe InDesign installations on both Windows and macOS operating systems (NVD, Adobe Advisory).

The vulnerability is classified as an out-of-bounds write (CWE-787) issue. According to the CVSS 3.1 scoring system, it received a high severity base score of 7.8 with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability requires local access and user interaction but needs no privileges to exploit (NVD).

If successfully exploited, this vulnerability could lead to arbitrary code execution in the context of the current user. The potential impact includes complete compromise of system confidentiality, integrity, and availability within the scope of the affected user's permissions (NVD).

Adobe addressed this vulnerability in their security advisory APSB22-05. Users are advised to update their Adobe InDesign installations to versions newer than 16.4 to protect against this vulnerability (Adobe Advisory).