Adobe has released a critical patch to cover two serious security vulnerabilities in the Adobe Illustrator CS3 and CS4 products. The vulnerabilities could lead to arbitrary code execution. Affected software includes Adobe Illustrator CS4 (14.0.0) and Adobe Illustrator CS3 (13.0.3 and earlier versions).
From the advisory:
- This update resolves a buffer overflow vulnerability that could could lead to arbitrary code execution (CVE-2009-4195).
- This update resolves a buffer overflow vulnerability that could lead to arbitrary code execution (CVE-2009-3952).
Secunia is credited for finding and reporting the flaws.
Next Tuesday, Adobe is expected to ship critical patches for the widely deployed Reader/Acrobat software.