Adobe’s security response team is scrambling to deal with the release of exploit code for what appears to be a critical zero-day flaw in the Adobe Illustrator CS4 software product.
The vulnerability is caused due to an error in the parsing of Encapsulated Postscript Files (.eps) and can be exploited to corrupt memory when a user opens a specially crafted .eps file. Successful exploitation allows execution of arbitrary code.
The flaw is confirmed in version CS3 13.0.0 and CS4 14.0.0. Other versions may also be affected.
Here is a link to exploit code that works against Windows XP Service Pack 3.
An overlong string as DSC comment (more than 42000 bytes) results in a direct EIP overwrite. Exception is first-chance so the program will never crash. At the moment of the redirection EAX and ESI are user-controlled.
Adobe director of product security Brad Arkin says the company is investigating the public report. Mitigation guidance is expected soon on the company’s PSIRT blog.
In the interim, Secunia recommends that Illustrator users avoid opening files from untrusted sources.