Threat Research

Multiple Critical Vulnerabilities in Adobe Illustrator and After Effects Products

By Peixue Li | June 17, 2020

FortiGuard Labs Threat Research Report

Affected platforms:  Windows 
Impacted parties:     Users of Adobe Illustrator 2020 versions 24.1.2 and earlier, Adobe After Effects versions 17.1 and earlier
Impact:                     Multiple Vulnerabilities leading to Arbitrary Code Execution
Severity level:           Critical

This Tuesday (June 16, 2020), Adobe released out-of-band security updates to address 18 critical vulnerabilities in multiple products. Seven of them were discovered by FortiGuard Labs researchers Honggang Ren, Kushal Arvind Shah, and Yonghui Han. These vulnerabilities were discovered in Adobe’s Illustrator and After Effects solutions.

Illustrator is a vector graphics editor developed and published by Adobe Systems for macOS and Windows. The five vulnerabilities FortiGuard Labs discovered in Adobe Illustrator are identified as CVE-2020-9639, CVE-2020-9640, CVE-2020-9641, CVE-2020-9642, and CVE-2020-9575. 

After Effects is a video-editing application developed and published by Adobe Systems for macOS and Windows. The two vulnerabilities FortiGuard Labs discovered in Adobe After Effects are identified as CVE-2020-9637 and CVE-2020-9638.

Overview of the Vulnerabilities Discovered in Adobe Illustrator and After Effects Products

Due to the critical rating of the following vulnerabilities, we suggest users apply the Adobe patches as soon as possible. Following are additional details of these vulnerabilities:

CVE-2020-9575

This Memory Corruption vulnerability exists in the decoding of SVG files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed SVG file that causes an Out of Bounds memory access due to an improper bounds check. This specific vulnerability exists in the ‘SVG’ plugin. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted SVG file.

Fortinet already released IPS signature Adobe.Illustrator.CVE-2020-9575.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-9642

This Stack Overrun vulnerability exists in the decoding of DWG files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed DWG file that causes a stack overrun due to an improper bounds check. The specific vulnerability exists in the library TD_Db_3.05src_10.dll, which is a Plug-In parsing the DWG format file in Illustrator. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted DWG file.

Fortinet already released IPS signature Adobe.Illustrator.CVE-2020-9642.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-9641

This Memory Corruption vulnerability exists in the decoding of DWG files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed DWG file that causes an Out of Bounds memory access due to an improper bounds check. The specific vulnerability exists in the library TD_Db_3.05src_10.dll, which is a Plug-In parsing the DWG format file in Illustrator. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted DWG file.

Fortinet already released IPS signature Adobe.Illustrator.CVE-2020-9641.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-9640

This Memory Corruption vulnerability exists in the decoding of DWG files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed DWG file that causes an Out of Bounds memory access due to an improper bounds check. The specific vulnerability exists in the library TD_Db_3.05src_10.dll, which is a Plug-In parsing the DWG format file in Illustrator. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted DWG file.

Fortinet already released IPS signature Adobe.Illustrator.CVE-2020-9640.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-9639

This Memory Corruption vulnerability exists in the decoding of DWG files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed DWG file that causes an Out of Bounds memory access due to an improper bounds check. The specific vulnerability exists in the library TD_Db_3.05src_10.dll, which is a Plug-In parsing the DWG format file in Illustrator. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted DWG file.

Fortinet already released IPS signature Adobe.Illustrator.CVE-2020-9639.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-9637

This Heap Overflow vulnerability exists in the decoding of AEPX files in Adobe After Effects. Specifically, the vulnerability is caused by a malformed AEPX file that causes a Heap Overflow due to an improper bounds check. The specific vulnerability exists in the AfterFXLib module. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted AEPX file.

Fortinet already released IPS signature Adobe.After.Effects.CVE-2020-9637.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

CVE-2020-9638

This Heap Overflow vulnerability exists in the decoding of AEPX files in Adobe After Effects. Specifically, the vulnerability is caused by a malformed AEPX file that causes a Heap Overflow due to an improper bounds check. The specific vulnerability exists in the AfterFXLib module. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted AEPX file.

Fortinet already released IPS signature Adobe. After.Effects.CVE-2020-9638.Memory.Corruption for this specific vulnerability to proactively protect our customers before the patch became available.

Solutions to the Vulnerabilities Found in Adobe Illustrator and After Effects Products

FortiGuard Labs is committed to ongoing threat research and analysis to provide critical threat intelligence to our customers and the cybersecurity community. The zero-day vulnerabilities outlined in this report are part of these efforts. While FortiGate IPS customers already have updated IPS signatures for them in place, we strongly encourage all Adobe Illustrator and After Effects customers to apply these recently released patches as soon as possible. 

FortiGuard Labs’ dedicated zero-day vulnerability research team was formed in 2006 as a white hat ethical hacking approach. The goal of this program is to harden security by discovering zero-day vulnerabilities in software/hardware before black hat attackers do. By beating attackers at their own game, FortiGuard Labs is able to provide virtual patch protection for discovered flaws ­– usually through IPS controls – before any patches are available.

FortiGuard Labs also has a robust responsible disclosure policy in place as part of our white hat ethical practice, meaning that any discovered zero-day vulnerability will be reported to the affected vendor(s). By doing so, FortiGuard Labs has created strong relationships with vendors, enabling us to work together to close security holes and harden products through proactive research. Unlike black hat or gray hat approaches of selling these vulnerabilities, FortiGuard Labs solely uses them to provide virtual patches to our customers using the Fortinet Security Fabric with FortiGuard subscription services. 

Learn more about FortiGuard Labs threat research and the FortiGuard Security Subscriptions and Services portfolioSign up for the weekly Threat Brief from FortiGuard Labs. 

Learn more about Fortinet’s free cybersecurity training initiative or about the Fortinet Network Security Expert programNetwork Security Academy program, and FortiVet program.