Critical vulnerability in Adobe Illustrator
07 December 2009
An exploit that uses a previously unknown vulnerability in the processing of crafted Encapsulated PostScript (.eps) files has been published for the Windows version of Adobe Illustrator.
Loading an .eps file with an overlong DSC comment causes a buffer overflow which can be exploited to inject code and execute it with the user's privileges.
The published exploit binds a shell on network port 4444 on the victim's computer, giving the attacker remote access to the system. It is unclear whether or not a similar exploit exists for Mac versions.
Adobe Illustrator CS3 (13.0.0) and CS4 (14.0.0) are both affected. Adobe has been informed of the issue and has indicated that it is looking into the problem. No fix is available as yet, meaning that the only protection against this problem is to not open .eps files of unknown provenance.