Accessibility

Security advisory

Potential vulnerabilities in Mac Illustrator CS2

Release date: September 16, 2008

Vulnerability identifier: APSA08-07

CVE number: CVE-2008-3961

Platform: Macintosh

Affected Software: Illustrator CS2

Summary

Adobe is aware of recently published security issues in the Illustrator CS2 Macintosh version that could potentially cause code execution. An attacker would need to convince a user to open a malicious AI file in Illustrator to successfully exploit the issue.

Details

An attacker would need to convince a user to open a malicious AI file in Illustrator CS2 on Macintosh to successfully exploit the issue. Adobe recommends that customers exercise caution when receiving unsolicited or suspicious files. Adobe is not aware of any information to indicate that this vulnerability has been publicly used to attack customers.

These issues do not affect Illustrator CS3 or the upcoming Illustrator CS4 release.

Severity Rating

Adobe categorizes this as a critical issue and recommends that Illustrator CS2 Mac customers exercise caution when receiving unsolicited or suspicious AI files.

Acknowledgments

Adobe would like to thank Nathan McFeters of Ernst and Young’s Advanced Security Center for reporting these vulnerabilities and for working with us to help protect our customers' security.