9.3
CVSSv2

CVE-2020-9639

Published: 25/06/2020 Updated: 29/06/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Illustrator versions 24.1.2 and previous versions have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution .

Vulnerability Trend

Affected Products

Vendor Product Versions
AdobeIllustrator24.1.2

Vendor Advisories

Adobe has released updates for Adobe Illustrator 2020 for Windows This update resolves critical vulnerabilities that could lead to arbitrary code execution in the context of current user ...

Recent Articles

Adobe Patches 18 Critical Flaws in Out-Of-Band Update
Threatpost • Lindsey O'Donnell • 16 Jun 2020

Adobe patched 18 critical vulnerabilities Tuesday impacting key products Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition. The out-of-band fixes address vulnerabilities allowing an attacker to execute arbitrary code, if bugs are exploited.
In its security bulletin Adobe said it was not aware of any exploits in the wild for any of the bugs.
Five of the critical flaws were discovered in versions 17.1 and earlier of After Effects. Users are encouraged to update...

The Register

Adobe has emitted security patches for six of its most prominent software bundles, including Illustrator, After Effects, and Premier Pro.
For Illustrator, the fix cleans up five so-called critical CVE-listed security holes (CVE-2020-9642, CVE-2020-9575, CVE-2020-9641, CVE-2020-9640, CVE-2020-9639.) It's a mix of a buffer overrun and memory corruption issues that can be exploited, presumably, by maliciously crafted documents to achieve arbitrary code execution on macOS and Windows systems.<...