Members
  • Total Members: 12814
  • Latest: Rono
Stats
  • Total Posts: 28517
  • Total Topics: 8240
  • Online Today: 976
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Zero-day Adobe bug overshadows impending Flash fix (CVE-2009-4195, )  (Read 1200 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Fears over a reportedly unpatched flaw in Adobe Illustrator have been heightened by the release of exploit code.

A zero-day flaw in the vector graphics editor means that users tricked into opening maliciously manipulated Encapsulated Postscript Files (.eps) files are liable to find themselves hacked. Successful exploitation of the unpatched flaw triggers a memory corruption bug that clears the path towards the execution of malware on vulnerable systems.

Security notification firm Secunia reports that both Illustrator CS3 13.0.0 and CS4 14.0.0 are affected, adding that a published exploit works on fully patched Windows XP machines: http://secunia.com/advisories/37563/
Other versions of Illustrator may also be vulnerable.

Adobe acknowledged a potential problem in at least Illustrator CS4, which it said it was investigating: http://blogs.adobe.com/psirt/2009/12/potential_adobe_illustrator_cs.html

    Adobe is aware of a report of a potential vulnerability in Adobe Illustrator CS4 (CVE-2009-4195). We are currently investigating this issue and will have an update once we have more information. It appears that this issue would require a local user to take the action of opening a malicious .eps file in Illustrator.


The software firm's delayed quarterly patch update is due next Tuesday, a date that coincides with Microsoft's Patch Tuesday release. Adobe's security response team will have their work cut out to develop and test a patch in time.

Tuesday's releases from Adobe are due to include an update addressing a critical flaw in its Flash player software: http://www.adobe.com/support/security/bulletins/apsb09-19.html The critical update for Adobe Flash Player 10.0.32.18 and earlier versions is due to be accompanied by a security fix for Adobe AIR 1.5.2, also addressing a critical vulnerability.

The ubiquity of Adobe software has made it a favourite target for hacking attacks over the last year or so. Booby-trapped PDF exploits have become a particular favourite in targeted attacks.

Flash exploits have also become a weapon of choice as miscreants have extended their sights beyond attacks against Internet Explorer and booby-trapped Microsoft Office document files. In response, Adobe has adopted a regular patch schedule.

(Register)

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising