Published: 26/06/2020 Updated: 29/06/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Illustrator versions 24.0.2 and previous versions have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

Vulnerability Trend

Affected Products

Vendor Product Versions

Vendor Advisories

Adobe has released updates for Adobe Illustrator 2020 for Windows This update resolves critical  vulnerabilities that could lead to arbitrary code execution in the context of current user ...

Recent Articles

In trying times like these, it's reassuring to know you can still get pwned five different ways by Adobe Illustrator files
The Register • Shaun Nichols in San Francisco • 30 Apr 2020

Make sure you update your software with these critical fixes

Adobe has emitted fixes for multiple remote code execution holes in Illustrator and its Bridge code.
Those who rely on Adobe Illustrator version 24.0.2 for Windows, or earlier builds, will want to make sure they install APSB20-20, the latest round of security fixes for the drawing tool.
"This update resolves critical vulnerabilities that could lead to arbitrary code execution in the context of current user," Adobe says of the patch.
The update closes up five CVE-listed securi...

Critical Adobe Illustrator, Bridge and Magento Flaws Patched
Threatpost • Lindsey O'Donnell • 28 Apr 2020

Adobe is warning of critical flaws in Adobe Bridge, Adobe Illustrator and the Magento e-commerce platform. If exploited, the most severe vulnerabilities could enable remote code execution on affected systems.
Adobe’s out-of-band security update, released on Tuesday, addressed vulnerabilities tied to 35 CVEs overall (25 of which were critical). The majority of these flaws affect Adobe Bridge (version 10.0.1 and earlier for Windows), the company’s digital asset management software.