Lucene search
Mat Powell of Trend Micro Zero Day InitiativeZDI-23-247HistoryMar 16, 2023 - 12:00 a.m.
Adobe Illustrator Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2023-03-1600:00:00
Mat Powell of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
4
adobe illustrator
font parsing
out-of-bounds write
remote code execution
vulnerability
user interaction
embedded fonts
allocated buffer
current process
crafted data
0.004 Low
EPSS
Percentile
74.1%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of embedded fonts. Crafted data in a font can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
cve
cve
CVE-2023-25860
2023-03-22 17:15:15
prion
prion
Cross site scripting
2023-03-22 17:15:00
nvd
nvd
CVE-2023-25860
2023-03-22 17:15:15
cnvd
cnvd
Adobe Illustrator Out-of-Bounds Write Vulnerability (CNVD-2023-50822)
2023-03-17 00:00:00
cvelist
cvelist
adobe
adobe
APSB23-19 : Security update available for Adobe Illustrator
2023-03-14 00:00:00
nessus
nessus
Adobe Illustrator < 27.3.1 Multiple Vulnerabilities (APSB23-19) (macOS)
2023-10-16 00:00:00
Adobe Illustrator < 27.3.1 Multiple Vulnerabilities (APSB23-19)
2023-03-14 00:00:00
openvas
openvas
Adobe Illustrator Multiple Vulnerabilities (APSB23-19) - Mac OS X
2023-03-15 00:00:00
Adobe Illustrator Multiple Vulnerabilities (APSB23-19) - Windows
2023-03-15 00:00:00