CVE-2012-2024

CWE-119 — Buffer Overflow CWE-451 CWE-79 — Cross-site Scripting (XSS)CWE-197 CWE-693 CWE-416 — Use After Free CWE-78 — OS Command Injection13 documents7 sources

Severity

10.0CRITICAL

EPSS

13.9%

top 5.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Illustrator Cs5.5 Adobe Illustrator

Timeline

PublishedMay 9

Latest updateMay 14

Description

Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2025, and CVE-2012-2026.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDadobe/illustrator_cs5.515

▶NVDadobe/illustrator13 versions+12

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-mqr5-ffq5-hrp4: Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a di↗2022-05-17

▶

CVEList

CVE-2012-2024: Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a di↗2012-05-09

▶

📋Vendor Advisories

CISA

Microsoft Internet Explorer Use-After-Free Vulnerability↗2024-07-23

▶

CISA

PHP-CGI OS Command Injection Vulnerability↗2024-06-12

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft fixes Linux boot issues on dual-boot Windows systems↗2025-05-14

▶