9.3
CVSSv2

CVE-2009-4195

Published: 04/12/2009 Updated: 10/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 985
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote malicious users to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.

Affected Products

Vendor Product Versions
AdobeIllustrator13.0.0, 14.0.0

Exploits

<?php /* Adobe Illustrator CS4 (V1400) Encapsulated Postscript (eps) overlong DSC Comment Buffer Overflow Exploit by Nine:Situations:Group::pyrokinesis site: retrogodaltervistaorg/ An overlong string as DSC comment (more than 42000 bytes) results in a direct EIP overwrite Exception is first-chan ...
require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::FILEFORMAT def initialize(info = {}) super(update_info(info, 'Name' => 'Adobe Illustrator CS4 v1400', 'Description' => %q{ Adobe Illustrator CS4 (V1400) Encapsulated Postscript (eps) overlong ...
## # $Id: adobe_illustrator_v14_epsrb 10477 2010-09-25 11:59:02Z mc $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...

Metasploit Modules

Adobe Illustrator CS4 v14.0.0

Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) overlong DSC Comment Buffer Overflow Exploit

msf > use exploit/windows/fileformat/adobe_illustrator_v14_eps
      msf exploit(adobe_illustrator_v14_eps) > show targets
            ...targets...
      msf exploit(adobe_illustrator_v14_eps) > set TARGET <target-id>
      msf exploit(adobe_illustrator_v14_eps) > show options
            ...show and set options...
      msf exploit(adobe_illustrator_v14_eps) > exploit