Release date: September 16, 2008
Vulnerability identifier: APSA08-07
CVE number: CVE-2008-3961
Affected Software: Illustrator CS2
Adobe is aware of recently published security issues in the Illustrator CS2 Macintosh version that could potentially cause code execution. An attacker would need to convince a user to open a malicious AI file in Illustrator to successfully exploit the issue.
An attacker would need to convince a user to open a malicious AI file in Illustrator CS2 on Macintosh to successfully exploit the issue. Adobe recommends that customers exercise caution when receiving unsolicited or suspicious files. Adobe is not aware of any information to indicate that this vulnerability has been publicly used to attack customers.
These issues do not affect Illustrator CS3 or the upcoming Illustrator CS4 release.
Adobe categorizes this as a critical issue and recommends that Illustrator CS2 Mac customers exercise caution when receiving unsolicited or suspicious AI files.
Adobe would like to thank Nathan McFeters of Ernst and Young???s Advanced Security Center for reporting these vulnerabilities and for working with us to help protect our customers' security.