In association with heise online

04 December 2009, 11:35

Critical vulnerability in Adobe Illustrator

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

An exploit which utilises a previously unknown vulnerability when processing crafted encapsulated postscript (.eps) files has been published for the Windows version of Adobe Illustrator. Loading an .eps file with an overlong DSC comment causes a buffer overflow which can be exploited to inject code and execute it with the user's privileges.

The published exploit binds a shell on network port 4444 on the victim's computer, giving the attacker remote access to the system. It is unclear whether or not a similar exploit exists for Mac versions.

Adobe Illustrator CS3 (13.0.0) and CS4 (14.0.0) are both affected. Adobe has been informed of the issue and has indicated that it is looking into the problem. No fix is available as yet, meaning that the only protection against this problem is to not open .eps files of unknown provenance.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit