Adobe Illustrator EPS File DSC Comment Buffer Overflow

2010-01-20T00:00:00
ID SAINT:DAB4774FB8BA41F07B5979481EF06BB5
Type saint
Reporter SAINT Corporation
Modified 2010-01-20T00:00:00

Description

Added: 01/20/2010
CVE: CVE-2009-4195
BID: 37192
OSVDB: 60632

Background

Adobe Illustrator software is a comprehensive vector graphics environment for creative professionals that is used for both drawing and typographical work. Illustrator supports several vector file formats including AI, CDR, PDF, SVG, DXF, and PS/EPS formats.

Problem

A buffer overflow vulnerability in **MPS.dll** allows command execution when a user opens a specially crafted EPS file.

Resolution

Follow instructions in APSB10-01.

References

<http://secunia.com/secunia_research/2009-58/>

Limitations

Exploit works on Adobe Illustrator CS4 14.0.0 and requires a user to open the exploit file in Adobe Illustrator.

Platforms

Windows