Threat Research

FortiGuard Labs Discovers Multiple Critical Zero Day Vulnerabilities in Adobe Illustrator

By Kushal Arvind Shah | May 12, 2021

FortiGuard Labs Threat Research Report

Affected platforms: Windows 
Impacted parties:    Users of Adobe Illustrator 2021, versions 25.2 and earlier
Impact:                    Multiple Vulnerabilities leading to Arbitrary Code Execution
Severity level:          Critical

Earlier this year, in February of 2021, I discovered and reported multiple critical zero-day vulnerabilities in Adobe Illustrator to Adobe, Inc. This past Tuesday, May 11, 2021, Adobe released several security patches that fixed these vulnerabilities. They are identified as CVE-2021-21103, CVE-2021-21104, and CVE-2021-21105. All these vulnerabilities have different root causes related to a variety of Illustrator Plugins. Due to the critical rating of these vulnerabilities, we suggest users apply the Adobe patches as soon as possible. 

Following are some details on these vulnerabilities. More information can be found on the related Fortinet Zero Day Advisory pages by clicking on the CVE links, below: -

CVE-2021-21103:

This is a Memory Corruption vulnerability that exists in the decoding of Computer Graphics Metafile ‘CGM’ files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CGM file, which causes an Out of Bounds Read memory access due to an improper bounds check. The specific vulnerability exists in the ‘Reader_for_CGM’ plugin. 

Attackers can exploit this vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, a control-flow hijack, or an information leak attack.

A remote attacker may also be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted CGM file.

Fortinet previously released IPS signature Adobe.Illustrator.CVE-2021-21103.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2021-21104:

This is a Memory Corruption vulnerability that exists in the decoding of Adobe Illustrator ‘AI’ files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed AI file, which causes an Out of Bounds Write memory access due to improper bounds check. 

Attackers can exploit this vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, a control-flow hijack, or an information leak attack.

A remote attacker may also be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted AI file.

Fortinet previously released IPS signature Adobe.Illustrator.CVE-2021-21104.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2021-21105:

This is a Memory Corruption vulnerability that exists in the decoding of Postscript ‘PS’ files in Adobe Illustrator. Specifically, this vulnerability is caused by a malformed PS file, which causes an Out of Bounds Write memory access due to improper bounds check. This specific vulnerability exists in the ‘MPS’ plugin. 

Attackers can exploit this vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, a control-flow hijack, or an information leak attack.

A remote attacker may also be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PS file.

Fortinet previously released IPS signature Adobe.Illustrator.CVE-2021-21105.Memory.Corruption for this specific vulnerability to proactively protect our customers.

 

Learn more about Fortinet’s FortiGuard Labs threat research and intelligence organization and the FortiGuard Security Subscriptions and Services portfolio.

Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet NSE Training programSecurity Academy program, and Veterans program.