Severity Rating: High
System Affected
Adobe Illustrator CS4 version 14.0.0
Adobe Illustrator CS3 version 13.0.3 and prior
Overview
A vulnerability has been reported in Adobe Illustrator CS4 and Adobe Illustrator CS3 which could allow a remote attacker to execute arbitrary code.
Description
This vulnerability is caused by a memory corruption error when Adobe Illustrator processes Encapsulated PostScript (.eps) files containing overly long data. A remote attacker could exploit this vulnerability by tricking a user into opening a specially crafted .eps file with a long DSC comment, triggering the memory corruption error. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code.
Workarounds
Do not open .eps files from untrusted sources. Exercise caution while visiting websites.
Solution
Apply appropriate patches as mentioned in Adobe Security Bulletin APSA09-06
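For systems that cannot be patched immediately, the workaround can be backed by a gateway-side triage check. The following is an added example, not part of the advisory or of Adobe's guidance: it flags .eps files whose DSC comment lines exceed the 255-character line limit of Adobe's Document Structuring Conventions. That limit comes from the DSC specification and is used here as an assumption about what counts as "overly long"; the advisory gives no length. All function names and sample data are constructed for illustration.

```python
import struct

DSC_MAX_LINE = 255  # DSC line-length limit, excluding the line ending (assumed threshold)
DOS_EPS_MAGIC = b"\xc5\xd0\xd3\xc6"  # binary header of EPS files that embed a preview


def postscript_section(data: bytes) -> bytes:
    """Return the PostScript part, unwrapping a DOS EPS binary header if present."""
    if data[:4] == DOS_EPS_MAGIC and len(data) >= 12:
        offset, length = struct.unpack_from("<II", data, 4)
        if offset + length > len(data):
            raise ValueError("DOS EPS header points outside the file")
        return data[offset:offset + length]
    return data


def long_dsc_comments(data: bytes, limit: int = DSC_MAX_LINE):
    """Return (line_number, keyword, length) for each DSC comment over `limit` bytes."""
    ps = postscript_section(data)
    # PostScript accepts CR, LF or CRLF as line endings; normalise to LF.
    lines = ps.replace(b"\r\n", b"\n").replace(b"\r", b"\n").split(b"\n")
    findings = []
    for number, line in enumerate(lines, start=1):
        if line.startswith((b"%%", b"%!")) and len(line) > limit:
            keyword = line.split(b":", 1)[0][:32].decode("latin-1")
            findings.append((number, keyword, len(line)))
    return findings


def should_quarantine(data: bytes) -> bool:
    """Hold files that are structurally malformed or carry oversized DSC comments."""
    try:
        return bool(long_dsc_comments(data))
    except ValueError:
        return True


# Constructed samples (not taken from any real file).
BENIGN = (b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 100 100\n"
          b"%%Title: logo\n%%EndComments\nshowpage\n%%EOF\n")
OVERSIZED = b"%!PS-Adobe-3.0 EPSF-3.0\r\n%%Title: " + b"A" * 300 + b"\r\n%%EndComments\r\n"
# Same content behind a 30-byte DOS EPS header (magic, PS offset, PS length, 18 unused bytes).
WRAPPED = DOS_EPS_MAGIC + struct.pack("<II", 30, len(OVERSIZED)) + b"\x00" * 18 + OVERSIZED

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("oversized", OVERSIZED), ("wrapped", WRAPPED)):
        print(name, should_quarantine(sample), long_dsc_comments(sample))
```

A hit means the file violates the DSC line limit and deserves a closer look before anyone opens it in an unpatched Illustrator; a clean result does not show the file is safe.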
Vendor Information
Adobe
http://www.adobe.com/support/security/advisories/apsa09-06.html
References
Adobe
http://www.adobe.com/support/security/advisories/apsa09-06.html
http://blogs.adobe.com/psirt/
Secunia
http://secunia.com/advisories/37563/
SecurityFocus
http://www.securityfocus.com/bid/37192
VUPEN Security
http://www.vupen.com/english/advisories/2009/3396
CVE Name
CVE-2009-4195
CWE Name
CWE-119
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.