The version of Adobe Illustrator installed on the remote Windows host is prior to 25.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB20-53 advisory.

  - Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when     parsing crafted PDF files. This could result in a read past the end of an allocated memory structure,     potentially resulting in arbitrary code execution in the context of the current user. This vulnerability     requires user interaction to exploit. (CVE-2020-24409, CVE-2020-24410)

  - Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when     handling crafted PDF files. This could result in a write past the end of an allocated memory structure,     potentially resulting in arbitrary code execution in the context of the current user. This vulnerability     requires user interaction to exploit. (CVE-2020-24411)

  - Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that     occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the     context of the current user. This vulnerability requires user interaction to exploit. (CVE-2020-24412,     CVE-2020-24413, CVE-2020-24414, CVE-2020-24415)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Adobe Illustrator < 25.0 Multiple Vulnerabilities (APSB20-53)

high Nessus Plugin ID 141804

Version 1.6