Below are the key details regarding the vulnerability:

- **Vulnerability Title**:
  - Adobe Illustrator PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
- **Identifiers**:
  - **ZDI ID**: ZDI-20-1272
  - **Candidate ID**: ZDI-CAN-11477
  - **CVE ID**: CVE-2020-24410
- **CVSS Assessment**:
  - **CVSS Score**: 7.8
  - **Vector String**: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- **Affected Information**:
  - **Vendor**: Adobe
  - **Product**: Illustrator
- **Vulnerability Details**:
  - This vulnerability allows remote attackers to execute arbitrary code on affected instances of Adobe Illustrator. Exploitation requires user interaction (e.g., visiting a malicious webpage or opening a malicious file). The vulnerability specifically resides in the PDF file parsing process, where insufficient validation of user-supplied data can lead to reading data beyond the allocated structure's boundary. Attackers can exploit this to execute code within the context of the current process.
- **Additional Information**:
  - Adobe has released updates to fix this vulnerability. For more details, please refer to:
    - [https://helpx.adobe.com/security/products/illustrator/apsb20-53.html](https://helpx.adobe.com/security/products/illustrator/apsb20-53.html)
- **Disclosure Timeline**:
  - **2020-07-10**: Vulnerability reported to vendor
  - **2020-10-22**: Coordinated public advisory release
- **Discovery Contributor**:
  - Tran Van Khang - khangkito, from VinCSS (a member of Vingroup)