Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Adobe Bridge Vulnerabilities
June 20, 2022
Rewterz
Rewterz Threat Advisory – Multiple Adobe InDesign Vulnerabilities
June 20, 2022

Rewterz Threat Advisory – Multiple Adobe Illustrator Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-30637 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30638 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30639 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30641 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30642 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30643 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30643 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30644 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30645 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30647 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30648 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30649 CVSS:7.8
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30666 CVSS:5.5
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-3067 CVSS:5.5
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30668 CVSS:5.5
Adobe Illustrator could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.

CVE-2022-30669 CVSS:5.5
Adobe Illustrator could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information.

Impact

  • Code Execution
  • Information Disclsoure

Indicators Of Compromise

CVE

  • CVE-2022-30637
  • CVE-2022-30638
  • CVE-2022-30639
  • CVE-2022-30641
  • CVE-2022-30642
  • CVE-2022-30643
  • CVE-2022-30644
  • CVE-2022-30645
  • CVE-2022-30647
  • CVE-2022-30648
  • CVE-2022-30649
  • CVE-2022-30666
  • CVE-2022-30667
  • CVE-2022-30668
  • CVE-2022-30669

Affected Vendors

Adobe

Affected Products

  • Adobe Illustrator 2021 25.4.5
  • Adobe Illustrator 2022 26.0.2

Remediation

Refer to Adobe Security Bulletin for patch, upgrade or suggested workaround information.
Adobe Security Bulletin