Thursday, December 3, 2009

Exploit Released for Adobe Illustrator Zero Day Flaw

Via -

Adobe's security response team is scrambling to deal with the release of exploit code for what appears to be a critical zero-day flaw in the Adobe Illustrator CS4 software product.

The vulnerability is caused due to an error in the parsing of Encapsulated Postscript Files (.eps) and can be exploited to corrupt memory when a user opens a specially crafted .eps file. Successful exploitation allows execution of arbitrary code.

The flaw is confirmed in version CS3 13.0.0 and CS4 14.0.0. Other versions may also be affected.

Here is a link to exploit code that works against Windows XP Service Pack 3.
An overlong string as DSC comment (more than 42000 bytes) results in a direct EIP overwrite. Exception is first-chance so the program will never crash. At the moment of the redirection EAX and ESI are user-controlled.
Adobe director of product security Brad Arkin says the company is investigating the public report. Mitigation guidance is expected soon on the company's PSIRT blog.

In the interim, Secunia recommends that Illustrator users avoid opening files from untrusted sources.

No comments:

Post a Comment