CVE-2024-49538: 
Adobe Illustrator vulnerability analysis and mitigation

Adobe Illustrator versions 29.0.0, 28.7.2 and earlier contain an out-of-bounds write vulnerability identified as CVE-2024-49538. The vulnerability was disclosed on December 10, 2024, and affects both Windows and macOS operating systems. This security flaw requires user interaction, specifically opening a malicious file, to be exploited (NVD, CVE Mitre).

The vulnerability is classified as an out-of-bounds write issue (CWE-787). Adobe Systems Incorporated has assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This scoring indicates that while local access and user interaction are required, the vulnerability can potentially impact confidentiality, integrity, and availability with high severity (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. This means an attacker could potentially execute malicious code with the same privileges as the user running Adobe Illustrator (NVD).

Adobe has addressed this vulnerability in versions after 28.7.2. Users are advised to update their Adobe Illustrator installations to the latest version to mitigate this security risk (Adobe Advisory).