Adobe Illustrator vulnerable to arbitrary code execution exploit via malicious files
CVE-2024-41856

7.8HIGH

Key Information:

Vendor: Adobe
Status: Illustrator
Vendor: CVE Published:; 14 August 2024

Summary

An improper input validation vulnerability in Adobe Illustrator versions 28.5, 27.9.4, 28.6, and 27.9.5, as well as earlier releases, presents a potential risk for arbitrary code execution. This vulnerability requires user interaction, specifically that the victim must open a malicious file to exploit the flaw. Users of the affected versions should take immediate action to mitigate risks associated with this vulnerability.

Affected Version(s)

Illustrator 0 <= 27.9.5

References

https://helpx.adobe.com/security/products/illustrator/aps...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2024
Vulnerability Reserved
Jul 22, 2024