Isn't this regarding the same remote dll pathing security issue reported a few months ago? It affects far more than Adobe, in that case.
If so, those of us who aren't presently updating Adobe programs or suites to CS5 (and who may be running other faulted and thus vulnerable programs) can use the Microsoft solution to ban this kind of automatic-bad remote dll pathing.
Here's a quite comprehensive Microsoft explanation, with the patches. Note that you need to download and install a tool, then use the automated Fixit or manual registry settings to enable.
http://blogs.technet.com/b/srd/archive/2010/08/31/an-update-on-the-dll-preloading-remote-attack-vector.aspx
Adobe has shipped a patch for a potentially dangerous security hole in its Adobe Illustrator CS5 software product.
The vulnerability, which carries a severity rating of “important,” affects Adobe Illustrator CS5 15.0.1 and earlier for Windows.
Here’s the gist of the problem:
An important library-loading vulnerability has been identified in Adobe Illustrator CS5 15.0.1 and earlier on the Windows platform. Exploitation of this vulnerability (CVE-2010-3152) could allow an attacker to load arbitrary libraries by tricking a user into opening a file located on a remote WebDAV or SMB share.
Adobe recommends Illustrator CS5 users update their product installations immediately. Instructions on applying the patch are available via this link.
