Vendor: Adobe Illustrator CS4
By: Nine:Situations:Group::pyrokinesis
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: Adobe Illustrator CS4
Affected Version From: Adobe Illustrator CS4 (V14.0.0)
Affected Version To: Adobe Illustrator CS4 (V14.0.0)
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows XP SP3
Unknown
Adobe Illustrator CS4 (V14.0.0) Encapsulated Postscript (.eps) Overlong DSC Comment Buffer Overflow Exploit
An overlong string as a DSC comment (more than 42000 bytes) results in a direct EIP overwrite. The exception is first-chance, so the program will never crash. At the moment of the redirection, EAX and ESI are user-controlled. This portion of the buffer begins with '%' (it is the next DSC comment), but as you can see the resulting pattern is nop-equivalent.
Mitigation: Unknown
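With no patch listed, one defensive option is to screen .eps files for overlong comment lines before they are opened. The following is an added example, not part of the original advisory: the function names are hypothetical, the sample bytes are constructed, and the 255-byte threshold is an assumption taken from the line-length recommendation in the DSC specification rather than from this page.

```python
import re
import struct

DSC_MAX_LINE = 255                      # assumed limit: DSC line-length recommendation
EPS_BINARY_MAGIC = b"\xc5\xd0\xd3\xc6"  # DOS EPS binary header (preview + PostScript)

def postscript_section(data: bytes) -> bytes:
    """Return the PostScript part of an EPS file, unwrapping a DOS binary header."""
    if data[:4] == EPS_BINARY_MAGIC and len(data) >= 12:
        offset, length = struct.unpack_from("<II", data, 4)
        return data[offset:offset + length]
    return data

def overlong_comments(data: bytes, limit: int = DSC_MAX_LINE):
    """Yield (line_number, length, keyword) for each '%' line longer than limit."""
    ps = postscript_section(data)
    # PostScript accepts CR, LF or CRLF as end-of-line.
    for number, line in enumerate(re.split(rb"\r\n|\r|\n", ps), start=1):
        if line.startswith(b"%") and len(line) > limit:
            keyword = re.match(rb"%+[!A-Za-z\-]{0,30}", line).group()
            yield number, len(line), keyword.decode("latin-1")

def build_sample(comment_len: int) -> bytes:
    """Constructed EPS header whose %%Title comment carries comment_len filler bytes."""
    return (b"%!PS-Adobe-3.0 EPSF-3.0\r\n%%BoundingBox: 0 0 10 10\r\n"
            b"%%Title: " + b"A" * comment_len + b"\r\n%%EndComments\r\n")

def wrap_binary(ps: bytes) -> bytes:
    """Prefix a constructed 30-byte DOS EPS binary header with no preview sections."""
    return EPS_BINARY_MAGIC + struct.pack("<II", 30, len(ps)) + b"\x00" * 18 + ps

if __name__ == "__main__":
    for label, blob in (("clean", build_sample(20)),
                        ("overlong", build_sample(42001)),
                        ("overlong, binary header", wrap_binary(build_sample(42001)))):
        hits = list(overlong_comments(blob))
        print(label, "->", hits or "no overlong comment lines")
```

A file that yields any result can be quarantined instead of being passed to Illustrator; lines near or above the 42000 bytes named in the description deserve the closest look.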