CVE-2024-45137: 
Adobe InDesign vulnerability analysis and mitigation

CVE-2024-45137 is an Unrestricted Upload of File with Dangerous Type vulnerability affecting Adobe InDesign Desktop versions 19.4, 18.5.3 and earlier. The vulnerability was disclosed on October 9, 2024, and affects both Windows and macOS operating systems (NVD, CIS Advisory).

The vulnerability is classified as a CWE-434 (Unrestricted Upload of File with Dangerous Type) with a CVSS v3.1 base score of 7.8 (HIGH). The vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access vector, low attack complexity, no privileges required, and user interaction required (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the server. The impact could be significant as it affects confidentiality, integrity, and availability of the system, with all three having high impact ratings (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe InDesign. The vulnerability affects InDesign Desktop versions 19.4, 18.5.3 and earlier, and users should upgrade to versions after 18.5.4 or 19.5 accordingly (NVD).