Adobe Illustrator Malformed AI File Remote Code Execution Vulnerability
The internet is so much a part of life and business these days that desktop applications are still a target. It is easy for a malicious user to exploit a desktop application via social engineering, man in the middle attacks, phishing and other means. In my opinion graphic designers are a good target for those with ill intent to target. Think about it, while most of their work relies on using a computer, they may not have the technical skills to understand the dangers of opening strange files, or visiting URL’s. Graphic designers often also work on new products for companies, therefor have inside information on a product as they are designing identities and media. Here is an vulnerability targeting the popular Adobe Illustrator. What irritates me about such products is the end user must rely on the Vendor for a patch. In this case CS2 has been replaced with CS3. Adobe products also have a tendency to be expensive, so it is unlikely that every graphic designer will update.
http://www.securityfocus.com/bid/31208/info
Adobe Illustrator is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious AI file. Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the user running the affected application. This issue affects only Adobe Illustrator CS2 for Macintosh.
Add comment September 18th, 2008