9.3
CVE-2009-4195
- EPSS 70.68%
- Veröffentlicht 04.12.2009 11:30:00
- Zuletzt bearbeitet 16.06.2026 23:13:13
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Illustrator Version13.0.0 Updatecs4
Adobe ≫ Illustrator Version14.0.0 Updatecs4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 70.68% | 0.993 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://blogs.adobe.com/psirt/2009/12/potential_adobe_illustrator_cs.html
http://osvdb.org/60632
http://retrogod.altervista.org/9sg_adobe_illuso.html
http://secunia.com/advisories/37563
http://www.adobe.com/support/security/bulletins/apsb10-01.html
http://www.securityfocus.com/archive/1/508175/100/0/threaded
http://www.securityfocus.com/bid/37192
http://www.securitytracker.com/id?1023276
http://www.vupen.com/english/advisories/2009/3396
https://exchange.xforce.ibmcloud.com/vulnerabilities/54521