Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-4195Improper Restriction of Operations within the Bounds of a Memory Buffer in Adobe Illustrator

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents4 sources
Severity
9.3CRITICALNVD
EPSS
87.2%
top 0.55%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Illustrator
Timeline
PublishedDec 4
Latest updateMay 2

Description

Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDadobe/illustrator13.0.0, 14.0.0+1

🔴Vulnerability Details

2
GHSA
GHSA-wc7h-v9xc-m32c: Buffer overflow in Adobe Illustrator CS4 142022-05-02
CVEList
CVE-2009-4195: Buffer overflow in Adobe Illustrator CS4 142009-12-04

💥Exploits & PoCs

3
Exploit-DB
Adobe Illustrator CS4 14.0.0 - Postscript (.eps) Buffer Overflow (Metasploit)2010-09-25
Exploit-DB
Adobe Illustrator CS4 14.0.0 - eps Universal Buffer Overflow (Metasploit)2009-12-07
Exploit-DB
Adobe Illustrator CS4 14.0.0 - Encapsulated Postscript '.eps' Local Buffer Overflow2009-12-03
CVE-2009-4195 — Adobe Illustrator vulnerability | cvebase