Severity Rating: High

System Affected
Adobe Illustrator CS4 version 14.0.0
Adobe Illustrator CS3 version 13.0.3 and prio

Overview
A vulnerability has been reported in Adobe Illustrator CS4 and Adobe Illustrator CS3, which could allow a remote attacker to execute an arbitrary code.

Description
This vulnerability is caused due to a memory corruption error when processing Encapsulated Postscript (.eps) files containing overly long data in Adobe Illustrator. A remote attacker could exploit this vulnerability by
tricking a user into opening a specially crafted Encapsulated Postscript Files (.eps) file with a long DSC Comment to trigger memory corruption error. Successful exploitation of this vulnerability could allow a remote
attacker to execute an arbitrary code.

Workarounds
Do not open .eps files from untrusted sources. Exercise caution while visiting websites Solution
Apply appropriate patches as mentioned in Adobe Security Bulletin APSA09-06

Vendor Information
Adobe
http://www.adobe.com/support/security/advisories/apsa09-06.html

References
Adobe
http://www.adobe.com/support/security/advisories/apsa09-06.html
http://blogs.adobe.com/psirt/
Secunia
http://secunia.com/advisories/37563/
SecurityFocus
http://www.securityfocus.com/bid/37192
VUPEN Security
http://www.vupen.com/english/advisories/2009/3396
CVE Name
CVE-2009-4195
CWE Name
CWE-119

Disclaimer
The information provided herein is on “as is” basis, without warranty of any kind.

Advertisements