CVE-2009-4195

Adobe Illustrator <14.0.0 - Buffer Overflow

Title source: llm

Description

Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalwindows

https://www.exploit-db.com/exploits/16669

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by dookie · rubylocalwindows

https://www.exploit-db.com/exploits/10344

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by pyrokinesis · phplocalwindows

https://www.exploit-db.com/exploits/10281

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by pyrokinesis, dookie · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/adobe_illustrator_v14_eps.rb

View Code ZIP pw:eip

References (10)

[Various Sources] http://www.adobe.com/support/security/bulletins/apsb10-01.html

[Various Sources] http://blogs.adobe.com/psirt/2009/12/potential_adobe_illustrator_cs.html

[Exploit] http://retrogod.altervista.org/9sg_adobe_illuso.html

[Vendor Advisory] http://secunia.com/advisories/37563

[Exploit] http://www.securityfocus.com/bid/37192

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/3396

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/54521

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/508175/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/60632

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1023276

Scores

EPSS 0.8720

EPSS Percentile 99.5%

Details

CWE

CWE-119

Status published

Products (2)

adobe/illustrator 13.0.0 cs4

adobe/illustrator 14.0.0 cs4

Published Dec 04, 2009

Tracked Since Feb 18, 2026