The host is installed with Adobe InDesign CS4 before 6.0.6, InDesign CS5 before 7.0.3 and is prone to untrusted search path vulnerability. A flaw is present in the application, which fails to handle the DLL hijacking attacks via a Trojan horse ibfs32.dll. Successful exploitation allows local users, and possibly remote attackers to execute arbitrary code.