=====================================================================
                           CERT-Renater

                 Information Note No. 2009/VULN526
_____________________________________________________________________

DATE                 : 11/12/2009

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Adobe Illustrator CS4,
                       Adobe Illustrator CS3.

======================================================================
http://www.adobe.com/support/security/advisories/apsa09-06.html
______________________________________________________________________

Security Advisory for Adobe Illustrator CS4 and Adobe Illustrator CS3

Release date: December 07, 2009

Vulnerability identifier: APSA09-06

CVE number: CVE-2009-4195

Platform: All Platforms

Summary

Adobe is aware of a report of a buffer overflow vulnerability in
Adobe Illustrator CS4 and Adobe Illustrator CS3 that could lead to
arbitrary code execution. Adobe plans to make available an update to
Adobe Illustrator to resolve the issue by January 8, 2010. Adobe
recommends customers avoid opening .eps files from unknown or
untrusted sources in Illustrator until a patch is available.

Affected software versions

Adobe Illustrator CS4 (14.0.0)
Adobe Illustrator CS3 (13.0.3 and earlier)

Severity rating

Adobe categorizes this as a critical issue and recommends that users
avoid opening .eps files from unknown or untrusted sources in
Illustrator until a patch is available.

Details

Adobe is aware of a report of a buffer overflow vulnerability in
Adobe Illustrator CS4 and Adobe Illustrator CS3 that could lead to
arbitrary code execution. A successful exploit of the vulnerability
would require a local user to take the action of opening a malicious
.eps file in Illustrator. Adobe plans to make available an update to
Adobe Illustrator to resolve the issue by January 8, 2010. Adobe
recommends customers avoid opening .eps files from unknown or
untrusted sources in Illustrator until a patch is available.
======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          |    tel : 01-53-94-20-44       +
+ 151 bd de l'Hopital   |    fax : 01-53-94-20-41       +
+ 75013 Paris           |    email: certsvp@renater.fr  +
=========================================================