1- Adobe Flash Player APSB09-19 Multiple Unspecified Remote Vulnerabilities (Published: Dec 03 2009 | Updated: Dec 03 2009)
Adobe has released advance notification that on December 8, 2009, the vendor will be releasing an advisory addressing multiple vulnerabilities affecting Flash Player and AIR. The highest severity rating of these issues is ‘Critical’.
The following products are affected:
Adobe Flash Player 10.0.32.18 and prior
Adobe AIR 1.5.2 and prior
2- Adobe Illustrator Encapsulated Postscript File Remote Buffer Overflow Vulnerability (Published: Dec 02 2009 | Updated: Dec 03 2009)
Adobe Illustrator is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious Encapsulated PostScript file.
Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects Illustrator CS4 14.0.0 and CS3 13.0.0; other versions may also be affected.
UPDATE (December 3, 2009): Adobe reports that they are investigating this issue. We will update this BID pending further information.