
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN275
_____________________________________________________________________

DATE                : 12/05/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Adobe Illustrator versions
                      prior to 25.2.3.

=====================================================================
https://helpx.adobe.com/security/products/illustrator/apsb21-24.html
_____________________________________________________________________

Security Updates Available for Adobe Illustrator | APSB21-24


Bulletin ID        Date Published       Priority

APSB21-24          May 11, 2021         3


Summary

Adobe has released an update for Adobe Illustrator 2021. This update
resolves multiple critical vulnerabilities that could lead to arbitrary
code execution in the context of the current user.


Affected Versions

Product              Version                       Platform

Illustrator 2021     25.2 and earlier versions     Windows


Solution

Adobe categorizes these updates with the following priority ratings
and recommends users update their installation to the newest version via
the Creative Cloud desktop app's update mechanism. For more
information, please refer to this help page.


Product            Version    Platform             Priority   Availability

Illustrator 2021   25.2.3     Windows and macOS    3          Download Page


Vulnerability details

Vulnerability Category   Vulnerability Impact       Severity   CVE Numbers

Out-of-bounds write      Arbitrary code execution   Critical   CVE-2021-21101

Memory Corruption        Arbitrary code execution   Critical   CVE-2021-21103
                                                               CVE-2021-21104
                                                               CVE-2021-21105

Path Traversal           Arbitrary code execution   Critical   CVE-2021-21102


Acknowledgments


Adobe would like to thank the following researchers for
reporting these issues and for working with Adobe to help protect our
customers:

    Tran Van Khang – khangkito (VinCSS) working with Trend Micro Zero
    Day Initiative (CVE-2021-21101)

    rgod working with Trend Micro Zero Day Initiative (CVE-2021-21102)

    Kushal Arvind Shah of Fortinet's FortiGuard Labs (CVE-2021-21103,
    CVE-2021-21104, CVE-2021-21105)



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



