Adobe Illustrator Encapsulated Postscript File Remote Buffer Overflow Vulnerability
2011年2月4日
CVE标识符: : CVE-2009-4195
建议日期 : 2009年12月17日
描述
Trend Micro advises users about an existing vulnerability in Adobe Illustrator. The exploit happens when the said application fails to successfully parse comments from EPS (Encapsulated PostScript) files, leading to a buffer overflow.
Once the vulnerability is successfully exploited, attackers can be allowed to execute arbitrary code on the compromised system, allowing them to gain complete control of it.
保护信息
For Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF)
please refer to filter identifier(s) specific to this advisory's vulnerability
identifiers. For patch information and suggested workarounds, users are advised to refer to
this Adobe webpage: http://www.adobe.com/support/security/advisories/apsa09-06.html
解决方案
Trend Micro Deep Security DPI Rule Number: 1003864
受感染软件和版本:
- Adobe Illustrator CS4 (14.0.0)
- Adobe Illustrator CS3 (13.0.3 and earlier)