=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2008/VULN359
_____________________________________________________________________

DATE                      : 17/09/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Mac OS running Mac Illustrator CS2.

======================================================================
http://www.adobe.com/support/security/advisories/apsa08-07.html
______________________________________________________________________

Potential vulnerabilities in Mac Illustrator CS2

Release date: September 16, 2008

Vulnerability identifier: APSA08-07

CVE number: CVE-2008-3961

Platform: Macintosh

Affected Software: Illustrator CS2
Summary

Adobe is aware of recently published security issues in the Illustrator
CS2 Macintosh version that could potentially cause code execution. An
attacker would need to convince a user to open a malicious AI file in
Illustrator to successfully exploit the issue.


Details

An attacker would need to convince a user to open a malicious AI file in
Illustrator CS2 on Macintosh to successfully exploit the issue. Adobe
recommends that customers exercise caution when receiving unsolicited or
suspicious files. Adobe is not aware of any information to indicate
that this vulnerability has been publicly used to attack customers.

These issues do not affect Illustrator CS3 or the upcoming Illustrator
CS4 release.


Severity Rating

Adobe categorizes this as a critical issue and recommends that
Illustrator CS2 Mac customers exercise caution when receiving
unsolicited or suspicious AI files.


Acknowledgments

Adobe would like to thank Nathan McFeters of Ernst and Young’s Advanced
Security Center for reporting these vulnerabilities and for working with
us to help protect our customers' security.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================