Adobe warns of critical PageMaker, Illustrator flaws

Adobe has shipped patches for several high-risk security holes affecting its widely used PageMaker, Illustrator and GoLive 9 products.
Written by Ryan Naraine, Contributor

On the same day Microsoft released a batch of six security bulletins, Adobe joined the Patch Tuesday train with three advisories covering a total of five vulnerabilities.

The most serious is a buffer overflow in Adobe PageMaker 7.0.1 and PageMaker 7.0.2 that could allow an attacker to take control of the affected system. Adobe rates this a "critical" issue and recommends that the patch be applied immediately.

Vuln.sg, the research outfit credited with the discovery, provides some technical details:

A stack-based buffer overflow occurs in Adobe PageMaker for Windows when a specially-crafted PageMaker (PMD) file that contains an overly long font-name is opened. This is due to a boundary error in MAIPM6.DLL when copying the font-name into a fixed-length stack buffer. This can be exploited to execute arbitrary code on the user's system when the user opens a malicious PMD file.
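
The class of bug described above, as an added example (not code from Vuln.sg, Adobe or MAIPM6.DLL): an unchecked copy of a name into a fixed-length buffer beside a bounded form that rejects over-long or unterminated names. The 32-byte buffer size, the NUL-terminated field layout and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FONT_NAME_MAX 32 /* assumed size; the page does not give the real one */

/* Unsafe pattern: copies up to the NUL and ignores the destination size. */
void copy_font_name_unsafe(char *dst, const char *name)
{
    strcpy(dst, name); /* writes past dst when strlen(name) >= FONT_NAME_MAX */
}

/* Bounded form for a name field taken from untrusted file data. Returns 0 on
 * success, -1 if no NUL lies within field_len bytes or the name does not fit. */
int copy_font_name_checked(char *dst, size_t dst_len,
                           const unsigned char *field, size_t field_len)
{
    const unsigned char *nul;
    if (dst == NULL || dst_len == 0 || field == NULL)
        return -1;
    dst[0] = '\0';
    nul = memchr(field, '\0', field_len); /* never reads past the file data */
    if (nul == NULL || (size_t)(nul - field) >= dst_len)
        return -1; /* over-long names are rejected, not truncated */
    memcpy(dst, field, (size_t)(nul - field) + 1); /* + 1 copies the terminator */
    return 0;
}

/* Constructed input: a 199-character name. Returns 1 if it is rejected and
 * the guard bytes placed directly after the buffer are untouched. */
int demo_overlong_rejected(void)
{
    struct { char name[FONT_NAME_MAX]; char guard[8]; } frame;
    unsigned char field[200];
    size_t i;
    memset(field, 'A', sizeof field - 1);
    field[sizeof field - 1] = '\0';
    memset(frame.guard, 0x5A, sizeof frame.guard);
    if (copy_font_name_checked(frame.name, sizeof frame.name, field, sizeof field) != -1)
        return 0;
    for (i = 0; i < sizeof frame.guard; i++)
        if (frame.guard[i] != 0x5A)
            return 0;
    return frame.name[0] == '\0';
}

int main(void)
{
    printf("over-long name rejected: %d\n", demo_overlong_rejected());
    return 0;
}
```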

Adobe also plugged a pair of "critical" holes affecting Illustrator CS3, warning that a malicious BMP, DIB, RLE, or PNG file opened in Illustrator by the user could lead to code execution.

The third Adobe bulletin, also rated critical, covers two vulnerabilities in GoLive 9 that could be exploited by malicious hackers to take control of a vulnerable system.

A user must be convinced to insert a malicious BMP, DIB, PNG, or RLE file into a GoLive document for an attacker to exploit these potential vulnerabilities. Users are recommended to update their installations with the instructions provided below, and Adobe encourages all customers to be cautious before opening any unknown file, regardless of which application they may be using.

An update for GoLive on Macintosh is not available at this time. In the meantime, Adobe recommends removing the PNG Plugin, or not using PNGs from untrusted sources.

Adobe is also working on a fix for a dangerous code execution flaw affecting Adobe Reader 8.1 and earlier versions, Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions, and Adobe Acrobat 3D.