CVE-2020-9639: 
Adobe Illustrator vulnerability analysis and mitigation

Adobe Illustrator versions 24.1.2 and earlier were found to contain a memory corruption vulnerability identified as CVE-2020-9639. The vulnerability was discovered and disclosed in June 2020, affecting the Windows platform. This critical security flaw was specifically located in the TDDb3.05src_10.dll library, which is a plug-in responsible for parsing DWG format files in Illustrator (Fortinet Labs, NVD).

The vulnerability is characterized as an Out-of-bounds Write (CWE-787) that occurs during the decoding of DWG files in Adobe Illustrator. The issue stems from an improper bounds check that leads to Out of Bounds memory access when processing malformed DWG files. The vulnerability received a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

Successful exploitation of this vulnerability could lead to arbitrary code execution within the context of the application. An attacker could potentially execute malicious code with the same privileges as the affected application, potentially compromising the system's security (Fortinet Labs).

Adobe addressed this vulnerability by releasing version 24.2 of Illustrator. Users are strongly encouraged to update to this version or later to protect against potential exploitation. Additionally, Fortinet released an IPS signature named Adobe.Illustrator.CVE-2020-9639.Memory.Corruption to protect their customers before the patch became available (Threatpost, Fortinet Labs).

The vulnerability was part of a larger security update from Adobe that addressed 18 critical vulnerabilities across multiple products. The security community noted the significance of these patches, with Adobe releasing them as an out-of-band update. At the time of disclosure, Adobe stated they were not aware of any exploits in the wild for any of these vulnerabilities (Threatpost).