Adobe warns of critical PageMaker, Illustrator flaws

Summary: Adobe has shipped patches for several high-risk security holes affecting its widely used PageMaker, Illustrator and GoLive 9 products.

On the same day Microsoft released a batch of six security bulletins, Adobe joined the Patch Tuesday train with three advisories covering a total of five vulnerabilities.

The most serious is a buffer overflow in Adobe PageMaker 7.0.1 and PageMaker 7.0.2 that could allow an attacker to take control of the affected system. Adobe rates this a "critical" issue and recommends that the patch be applied immediately.

Vuln.sg, the research outfit credited with the discovery, provides some technical details:

A stack-based buffer overflow occurs in Adobe PageMaker for Windows when a specially-crafted PageMaker (PMD) file that contains an overly long font-name is opened. This is due to a boundary error in MAIPM6.DLL when copying the font-name into a fixed-length stack buffer. This can be exploited to execute arbitrary code on the user's system when the user opens a malicious PMD file.
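
The bug class described above, as an added example (not Vuln.sg's or Adobe's code): an unchecked copy of a file-supplied font name into a fixed stack buffer, next to a bounded version. The record layout, `FONT_NAME_MAX` and every function name are assumptions made for illustration; the real PMD format does not appear on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FONT_NAME_MAX 32  /* assumed buffer size, not taken from PageMaker */

/* Hypothetical record, constructed for this example (not the PMD layout):
   2-byte little-endian length, followed by that many name bytes. */
/* Flawed pattern: the length field from the file is trusted as-is. */
size_t font_name_unchecked(const uint8_t *rec)
{
    char name[FONT_NAME_MAX];
    size_t n = (size_t)rec[0] | ((size_t)rec[1] << 8);
    memcpy(name, rec + 2, n);  /* writes past name[] when n > FONT_NAME_MAX */
    name[n] = '\0';            /* out of bounds when n >= FONT_NAME_MAX */
    return strlen(name);
}

/* Bounded form: 0 on success, -1 if the record is truncated or too long. */
int read_font_name(const uint8_t *rec, size_t rec_len, char *out, size_t out_size)
{
    if (!rec || !out || out_size == 0 || rec_len < 2) return -1;
    size_t n = (size_t)rec[0] | ((size_t)rec[1] << 8);
    if (n > rec_len - 2) return -1;  /* declared length exceeds bytes present */
    if (n >= out_size) return -1;    /* no room for the name plus terminator */
    memcpy(out, rec + 2, n);
    out[n] = '\0';
    return 0;
}

/* Builds a constructed record (declared length vs. bytes actually present)
   and parses it into a FONT_NAME_MAX-byte stack buffer. */
int parse_constructed(size_t declared, size_t present)
{
    uint8_t rec[2 + 512] = {0};
    char name[FONT_NAME_MAX];
    if (present > 512) present = 512;
    rec[0] = (uint8_t)(declared & 0xff);
    rec[1] = (uint8_t)((declared >> 8) & 0xff);
    memset(rec + 2, 'A', present);
    return read_font_name(rec, 2 + present, name, sizeof name);
}

int main(void)
{
    printf("short=%d oversized=%d truncated=%d\n", parse_constructed(5, 5),
           parse_constructed(300, 300), parse_constructed(16, 2));
    return 0;
}
```

The bounded parser rejects both an over-long name and a length field that claims more bytes than the record holds, which are the two checks a reviewer should look for wherever a file-supplied length drives a copy.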

Adobe also plugged a pair of "critical" holes affecting Illustrator CS3, warning that a malicious BMP, DIB, RLE, or PNG file opened in Illustrator by the user could lead to code execution attacks.

Adobe's third bulletin, also rated critical, covers two vulnerabilities in GoLive 9 that could be exploited by malicious hackers to take control of a vulnerable system.

A user must be convinced to insert a malicious BMP, DIB, PNG, or RLE file into a GoLive document for an attacker to exploit these potential vulnerabilities. Users are recommended to update their installations with the instructions provided below, and Adobe encourages all customers to be cautious before opening any unknown file, regardless of which application they may be using.

An update for GoLive on Macintosh is not available at this time. In the meantime, Adobe recommends removing the PNG Plugin, or not using PNGs from untrusted sources.

Adobe is also working on a fix for a dangerous code execution flaw affecting Adobe Reader 8.1 and earlier versions, Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions, and Adobe Acrobat 3D.

Topics: Enterprise Software, Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
