Adobe Illustrator EPS File DSC Comment Buffer Overflow

Added: 01/20/2010
CVE: CVE-2009-4195
BID: 37192
OSVDB: 60632

Background

Adobe Illustrator software is a comprehensive vector graphics environment for creative professionals that is used for both drawing and typographical work. Illustrator supports several vector file formats including AI, CDR, PDF, SVG, DXF, and PS/EPS formats.

Problem

A buffer overflow vulnerability in MPS.dll allows command execution when a user opens a specially crafted EPS file.

Resolution

Follow instructions in APSB10-01.

References

http://secunia.com/secunia_research/2009-58/

Limitations

Exploit works on Adobe Illustrator CS4 14.0.0 and requires a user to open the exploit file in Adobe Illustrator.

Platforms

Windows

Back to exploit index