CVE-2022-30649: 
Adobe Illustrator vulnerability analysis and mitigation

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) were identified with a critical vulnerability discovered in early 2022. The vulnerability, tracked as CVE-2022-30649, was reported to Adobe and subsequently patched on June 14, 2022. This security flaw affects both Windows and MacOS platforms (Fortinet Blog, Adobe Advisory).

The vulnerability is classified as an out-of-bounds write vulnerability that exists in the decoding of CorelDraw Drawing 'CDR' files in Adobe Illustrator. The security flaw occurs due to a malformed CDR file causing an out-of-bounds memory write resulting from an improper bounds check. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The attacker could potentially execute malicious code with the same privileges as the application user, potentially compromising the affected system (NVD, Fortinet Blog).

Adobe released security patches to address this vulnerability on June 14, 2022. Users are strongly advised to update to the latest version of Adobe Illustrator. Additionally, Fortinet has released IPS signature Adobe.Illustrator.CVE-2022-30649.Arbitrary.Code.Execution to protect their customers, and FortiEDR detects and prevents the exploitation of this vulnerability (Fortinet Blog).