Security hole in Adobe Illustrator CS5

Security hole in Adobe Illustrator CS5

Summary: Adobe has shipped a patch for a potentially dangerous security hole in its Adobe Illustrator CS5 software product.

SHARE:

Adobe has shipped a patch for a potentially dangerous security hole in its Adobe Illustrator CS5 software product.

The vulnerability, which carries a severity rating of "important," affects Adobe Illustrator CS5 15.0.1 and earlier for Windows.

Here's the gist of the problem:

An important library-loading vulnerability has been identified in Adobe Illustrator CS5 15.0.1 and earlier on the Windows platform. Exploitation of this vulnerability (CVE-2010-3152) could allow an attacker to load arbitrary libraries by tricking a user into opening a file located on a remote WebDAV or SMB share.

Adobe recommends Illustrator CS5 users update their product installations immediately.  Instructions on applying the patch are available via this link.

Topics: Enterprise Software, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Microsoft over-all patch possible alternative

    Isn't this regarding the same remote dll pathing security issue reported a few months ago? It affects far more than Adobe, in that case.

    If so, those of us who aren't presently updating Adobe programs or suites to CS5 (and who may be running other faulted and thus vulnerable programs) can use the Microsoft solution to ban this kind of automatic-bad remote dll pathing.

    Here's a quite comprehensive Microsoft explanation, with the patches. Note that you need to download and install a tool, then use the automated Fixit or manual registry settings to enable.

    http://blogs.technet.com/b/srd/archive/2010/08/31/an-update-on-the-dll-preloading-remote-attack-vector.aspx
    Narr vi
  • Wow!! An(other) Adobe vulnerability .... on a Monday???

    Are Adobe vulnerabilities supposed to come out every Thursday??
    wackoae
  • RE: Security hole in Adobe Illustrator CS5

    My CS5 has been auto updating - several updates each day for the past few days. I think they rolled out the Ai update yesterday. Today it updated Ps & Ps64.
    jebswebs