Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

• Adobe InCopy is a word processor within Adobe Creative Cloud that allows copywriters and editors to write, edit, and format text in InDesign documents, while designers work on the same file in InDesign simultaneously.
• Adobe Experience Manager (AEM) is a comprehensive content management system (CMS) and digital asset management (DAM) platform that helps businesses create, manage, and deliver digital experiences across multiple channels.
• Adobe Commerce is a comprehensive, enterprise-grade e-commerce platform, formerly known as Magento Commerce, that allows businesses to build, personalize, and manage online stores.
• Adobe InDesign is a professional-grade software used for desktop publishing and page layout design.
• Adobe Substance 3D Sampler is a 3D scanning and material creation software that transforms real-life pictures into photorealistic materials, 3D objects, and HDR environments.
• Adobe Acrobat Reader is a free software that serves as the industry standard for viewing, printing, and interacting with PDFs.
• Adobe Substance 3D Painter is a software application primarily used for texturing 3D models.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights

Read more... Cyber Security Advisories - MS-ISAC