In order to exploit this issue, the user must have a malformed file with an InCopy document open on the affected version of InCopy. The malicious file must also have a specially crafted markup. The following InCopy documents are considered to be vulnerable: InCopy version 17.3 (and earlier) and version 16.4.2 (and earlier). Adobe has confirmed this issue and released version 17.3.2 of InCopy to patch this issue. Users can update to the latest version by going to Help > Updates in InCopy.
What is Adobe InCopy?
Adobe InCopy is a content-creation software that helps users with Word and PDF documents. Adobe InCopy is important for businesses to use as it allows them to create, edit, and publish their content from one location.
Since many of the features in InCopy are related to Word, there is a high risk of this vulnerability being exploited on documents with a malformed Word file. The resulting exploit could allow the user to execute malicious code on the system.
How to check if you are vulnerable?
If you are using InCopy and have an affected version, you should check if you are vulnerable by opening the malicious file. If the issue is present, a red X will appear next to the document name in the 'Docs' tab of the File Browser.
If you are using InCopy version 17.3.2 or later, then you are not vulnerable to this issue.
How do I know if my system is vulnerable?
If you are using InCopy version 17.3 or earlier, or InCopy 16.4.2 or earlier and have not received an alert notification regarding this vulnerability, you are not affected by this vulnerability.
If you are using the latest version of InCopy, the latest cumulative update (17.3.2) will be installed automatically to patch this issue. If you do not have automatic updates enabled, go to Help > Updates in InCopy and install the latest version manually.>>END>>
Timeline
Published on: 09/16/2022 18:15:00 UTC
Last modified on: 09/20/2022 17:58:00 UTC