Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a buffer overflow vulnerability due to insecure handling of a crafted malicious file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted malicious file in Illustrator.
CVE Status: Modified
Attribute | Value |
---|---|
Attack Complexity | LOW |
Attack Vector | LOCAL |
Availability Impact | HIGH |
Base Score | 7.8 |
Base Severity | HIGH |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Privileges Required | NONE |
Scope | UNCHANGED |
User Interaction | REQUIRED |
Vector String | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Exploitability Score | 1.8 |
Impact Score | 5.9 |
Source | [email protected] |
Type | Secondary |