Accessibility

Security bulletin

Security Bulletin for Adobe Illustrator

Release date: May 8, 2012

Last updated: June 4, 2012

Vulnerability identifier: APSB12-10

Priority: 3

CVE numbers: CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, CVE-2012-2026, CVE-2012-2042

Platform: Windows and Macintosh

Summary

Adobe released security updates for Adobe Illustrator CS5 (15.0.x) and Adobe Illustrator CS5.5 (15.1) for Windows and Macintosh. These updates address vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Note that Adobe Illustrator CS6 (16.0.0) for Windows and Macintosh, released on May 7, 2012, addresses these vulnerabilities. No update is required for users of Adobe Illustrator CS 6 (16.0.0) for Windows and Macintosh.

Affected software versions

Adobe Illustrator CS5.5 (15.1) and earlier for Windows and Macintosh

Solution

Adobe has released Adobe Illustrator CS5 (15.0.3) and Adobe Illustrator CS5.5 (15.1.1) to address the vulnerabilities highlighted in this security bulletin.

Adobe Illustrator CS5 (15.0) and Adobe Illustrator CS 5.5 (15.1) users can find the appropriate update for their version/platform here:

Adobe Illustrator CS5 (15.0.3) for Windows
Adobe Illustrator CS5 (15.0.3) for Macintosh

Adobe Illustrator CS5.5 (15.1.1) for Windows
Adobe Illustrator CS5.5 (15.1.1) for Macintosh

Setup Instructions

Adobe Illustrator CS5 (15.0.3) and Adobe Illustrator CS5.5 (15.1.1) for Macintosh:
1. Download the DMG file and mount it on your Macintosh machine
2. Browse folder and execute the application AdobePatchInstaller

Adobe Illustrator CS5 (15.0.3) and Adobe Illustrator CS5.5 (15.1.1) for Windows:
1. Download the Zip file on your Windows machine and un-compress it
2. Browse folder and execute the application AdobePatchInstaller.exe

Note for Adobe Illustrator CS5 (15.0) users: 
It is recommended that you have Adobe Illustrator CS 5 (15.0.2) installed before you apply this new patch 15.0.3.

Adobe categorizes these updates with the following priority ratings:

Product
Updated Version
Platform
Priority Rating
Adobe Illustrator CS5 (15.0.3) Windows and Macintosh
3
Adobe Illustrator CS5.1 (15.1.1) Windows and Macintosh
3


These updates address critical vulnerabilities in the software.

Details

Adobe released security updates for Adobe Illustrator CS5 (15.0.x) and Adobe Illustrator CS5.5 (15.1) for Windows and Macintosh. These updates address vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Note that Adobe Illustrator CS6 (16.0.0) for Windows and Macintosh, released on May 7, 2012, addresses these vulnerabilities. No update is required for users of Adobe Illustrator CS 6 (16.0.0) for Windows and Macintosh. Adobe is not aware of any attacks exploiting these vulnerabilities against Adobe Illustrator.

These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-0780).

These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-2023).

These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-2024).

These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-2025).

These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-2026).

These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-2042).

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

revisions

June 4, 2012 - Added information on release of updates for Adobe Illustrator CS5 (15.0.x) and CS5.5 (15.1)
May 23, 2012 - Added information on CVE-2012-2042
May 11, 2012 - Added information on update to Adobe Illustrator CS5.x.
May 8, 2012 - Bulletin released