Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
History

Mon, 16 Sep 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Microsoft
Microsoft windows
CPEs cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Microsoft
Microsoft windows

Fri, 13 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe illustrator
CPEs cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*
Vendors & Products Adobe
Adobe illustrator
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 13 Sep 2024 08:45:00 +0000

Type Values Removed Values Added
Description Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Illustrator | Integer Underflow (Wrap or Wraparound) (CWE-191)
Weaknesses CWE-191
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2024-09-13T08:37:33.748Z

Updated: 2024-09-13T14:27:03.847Z

Reserved: 2024-07-22T17:16:40.938Z

Link: CVE-2024-41857

cve-icon Vulnrichment

Updated: 2024-09-13T14:26:53.309Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-13T09:15:09.350

Modified: 2024-09-16T13:18:35.007

Link: CVE-2024-41857

cve-icon Redhat

No data.