FortiGuard Labs Discovers Multiple Critical Vulnerabilities in Adobe Illustrator CC 2020

FortiGuard Labs Threat Analysis Report

Affected platforms:       Windows 10 and Windows 7 OS
Impacted parties:          Users of Adobe Illustrator CC 2020 versions 24.0.2 and earlier
Impact:                          Multiple Vulnerabilities leading to Arbitrary Code Execution.
Severity level:                Critical

This past January I discovered and reported multiple critical zero-day vulnerabilities in Adobe Illustrator CC 2020. This past Tuesday (April 28, 2020), Adobe released several out-of-band security patches that fixed these issues. These vulnerabilities are identified as CVE-2020-9570, CVE-2020-9571, CVE-2020-9572, CVE-2020-9573 and CVE-2020-9574. All these vulnerabilities have different root causes related to a multitude of Illustrator Plugins. Due to the critical rating of these vulnerabilities, we suggest users apply these Adobe patches as soon as possible. 

Following are additional details of these vulnerabilities: -

CVE-2020-9570

This Memory Corruption vulnerability exists in the decoding of PCX files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed PCX file, which causes an Out of Bounds Write memory access due to an improper bounds check. This specific vulnerability exists in the ‘PCX’ plugin. 

Attackers can exploit this vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, a control-flow hijack, or an information leak attack.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCX file.

Fortinet already released IPS signature Adobe.Illustrator.CVE-2020-9570.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-9571

This Memory Corruption vulnerability exists in the decoding of PCT files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the ‘MPS’ plugin. 

Attackers can exploit this vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, a control-flow hijack, or an information leak attack.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet already released IPS signature Adobe.Illustrator.CVE-2020-9571.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-9572

This Heap Memory Corruption vulnerability exists in the Adobe Illustrator ‘PCT’ plugin. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds Write memory access due to an improper bounds checking when manipulating a pointer to a heap allocated buffer. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet already released IPS signature Adobe.Illustrator.CVE-2020-9572.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-9573 : -

This Memory Corruption vulnerability exists in the decoding of PCT files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds memory access due to an improper bounds check. The specific vulnerability exists in the ‘MPS’ plugin. 

Attackers can exploit this vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, a control-flow hijack, or an information leak attack.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet already released IPS signature Adobe.Illustrator.CVE-2020-9573.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-9574 : -

This Memory Corruption vulnerability exists in the decoding of PostScript (PS) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed PS file, which causes an Out of Bounds Write memory access due to improper bounds check. The specific vulnerability exists in the ‘MPS’ plugin. 

Attackers can exploit the vulnerability by using the out of bounds access for unintended writes or frees, potentially leading to code corruption, a control-flow hijack, or an information leak attack.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PS file.

Fortinet already released IPS signature Adobe.Illustrator.CVE-2020-9574.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

Solutions

FortiGuard Labs is committed to ongoing threat research and analysis to provide critical threat intelligence to our customers and the cybersecurity community. The zero-day vulnerabilities outlined in this report are part of these efforts. While FortiGate IPS customers already have updated IPS signatures in place, we strongly encourage all Adobe Illustrator customers to apply these recently released patches as soon as possible. 

Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolio. Sign up for the weekly Threat Brief from FortiGuard Labs. 

Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet Network Security Expert program, Network Security Academy program, and FortiVet program.