Lucene search

K

SAINT CorporationSAINT:5D9CF4CFA061EA8B38FDB6D364C80E1D

HistoryJan 20, 2010 - 12:00 a.m.

Adobe Illustrator EPS File DSC Comment Buffer Overflow

2010-01-2000:00:00

SAINT Corporation

download.saintcorporation.com

14

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.7%

Added: 01/20/2010
CVE: CVE-2009-4195
BID: 37192
OSVDB: 60632

Background

Adobe Illustrator software is a comprehensive vector graphics environment for creative professionals that is used for both drawing and typographical work. Illustrator supports several vector file formats including AI, CDR, PDF, SVG, DXF, and PS/EPS formats.

Problem

A buffer overflow vulnerability in **MPS.dll** allows command execution when a user opens a specially crafted EPS file.

Resolution

Follow instructions in APSB10-01.

References

<http://secunia.com/secunia_research/2009-58/>

Limitations

Exploit works on Adobe Illustrator CS4 14.0.0 and requires a user to open the exploit file in Adobe Illustrator.

Platforms

Windows

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.7%

Related for SAINT:5D9CF4CFA061EA8B38FDB6D364C80E1D

checkpoint_advisories2 saint3 packetstorm1 cvelist1 prion1 cve1 nessus1 threatpost1 openvas2