Adobe » Illustrator : Security Vulnerabilities, CVEs, (Code Execution)
Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Max CVSS
7.8
EPSS Score
0.10%
Published
2023-12-13
Updated
2023-12-14
Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Max CVSS
7.8
EPSS Score
0.14%
Published
2022-10-25
Updated
2022-10-31
Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Max CVSS
9.3
EPSS Score
0.64%
Published
2021-09-08
Updated
2022-10-07
Adobe Illustrator version 25.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Max CVSS
9.3
EPSS Score
0.64%
Published
2021-09-08
Updated
2022-10-07
Stack-based buffer overflow in Adobe Illustrator CS6 before 16.0.5 and 16.2.x before 16.2.2 allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
4.72%
Published
2014-05-14
Updated
2014-05-14
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
Max CVSS
10.0
EPSS Score
0.75%
Published
2012-05-24
Updated
2012-09-29
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2025.
Max CVSS
10.0
EPSS Score
2.71%
Published
2012-05-09
Updated
2017-08-29
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2026.
Max CVSS
10.0
EPSS Score
26.70%
Published
2012-05-09
Updated
2017-08-29
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2025, and CVE-2012-2026.
Max CVSS
10.0
EPSS Score
26.70%
Published
2012-05-09
Updated
2017-08-29
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
Max CVSS
10.0
EPSS Score
2.71%
Published
2012-05-09
Updated
2017-08-29
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
Max CVSS
10.0
EPSS Score
1.87%
Published
2012-05-09
Updated
2017-12-05
Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or aires.dll that is located in the same folder as an .ait or .eps file.
Max CVSS
9.3
EPSS Score
4.59%
Published
2010-08-27
Updated
2018-10-10
CVE-2009-4195
Public exploit
Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
97.20%
Published
2009-12-04
Updated
2018-10-10
Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illustrator CS4 14.0.0 allows attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
5.41%
Published
2010-01-08
Updated
2010-01-11
Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file.
Max CVSS
9.3
EPSS Score
0.56%
Published
2008-09-18
Updated
2017-08-08
Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.
Max CVSS
9.3
EPSS Score
42.80%
Published
2007-04-30
Updated
2017-10-11
Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file.
Max CVSS
9.3
EPSS Score
12.37%
Published
2007-04-25
Updated
2017-10-11
17 vulnerabilities found