Adobe Illustrator Multiple Vulnerabilities


Secunia ID

SA47118

CVE-ID

CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, CVE-2012-2026, CVE-2012-2042

Release Date

09 May 2012

Last Change

05 Jun 2012

Criticality

Highly Critical

Solution Status

Vendor Patch

Software

Adobe Illustrator CS5 15.x

Where

From remote

Impact

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

Multiple vulnerabilities have been reported in Adobe Illustrator, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error can be exploited to corrupt memory.

2) Another unspecified error can be exploited to corrupt memory.

3) Another unspecified error can be exploited to corrupt memory.

4) Another unspecified error can be exploited to corrupt memory.

5) An integer overflow error in JPEGFormat.aip when calculating the size of a buffer to allocate based on the image dimensions and colour depth can be exploited to cause a heap-based buffer overflow via a specially crafted JPEG image file.

NOTE: This vulnerability is confirmed in CS5 bundling JPEGFormat.aip version 15.0.128.0.

6) Another unspecified error can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in Adobe Illustrator version CS5.5 (15.1) and prior for Windows and Macintosh. Other versions may also be affected.
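Item 5 describes a buffer size computed from image dimensions and colour depth that overflows before allocation. The C example below is added here for illustration and is not code from Adobe or from the advisory; the function names, the 32-bit arithmetic, the 1 GiB cap and the header values are assumptions. It shows the unchecked size calculation beside a checked one that rejects the same input.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy limit for one decoded image (not from the advisory). */
#define MAX_IMAGE_BYTES (1ULL << 30)

/* Unchecked pattern: the product is computed modulo 2^32, so large
   dimensions wrap to a size far smaller than the pixel data. */
uint32_t unchecked_image_size(uint32_t width, uint32_t height, uint32_t bytes_per_pixel)
{
    return (uint32_t)(width * height * bytes_per_pixel);
}

/* Checked pattern: widen to 64 bits, bound the result, and fail closed. */
bool checked_image_size(uint32_t width, uint32_t height, uint32_t bytes_per_pixel, size_t *out)
{
    if (width == 0 || height == 0 || bytes_per_pixel == 0 || bytes_per_pixel > 8)
        return false;
    uint64_t pixels = (uint64_t)width * height;       /* cannot overflow 64 bits */
    if (pixels > MAX_IMAGE_BYTES / bytes_per_pixel)   /* division avoids a second overflow */
        return false;
    *out = (size_t)(pixels * bytes_per_pixel);
    return true;
}

int main(void)
{
    /* Constructed header values: 32769 x 32768 pixels, 4 bytes per pixel. */
    uint32_t w = 0x8001, h = 0x8000, bpp = 4;
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_image_size(w, h, bpp));
    printf("checked:   %s\n", checked_image_size(w, h, bpp, &n) ? "accepted" : "rejected");
    return 0;
}
```

With the constructed values the unchecked product is 2^32 + 2^17, which truncates to 131072 bytes, so a decoder writing the full pixel data would run past the end of the heap allocation.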

Solution

Update to version CS5 (15.0.3) or CS5.5 (15.1.1) or upgrade to version CS6 (16.0.0).

Reported by

5) Tielei Wang, Georgia Tech Information Security Center via Secunia

The vendor credits:
1, 4, 6) Felipe Andres Manzano via iSIGHT Partners Global Vulnerability Partnership
2, 3) Justin Kim, Microsoft

Original Advisory

Adobe (APSB12-10):
http://www.adobe.com/support/security/bulletins/apsb12-10.html