Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading

Vulnerability Report: Adobe Illustrator CS5 15.x

This vulnerability report for Adobe Illustrator CS5 15.x contains a complete overview of all Secunia advisories affecting it. You can use this vulnerability report to ensure that you are aware of all vulnerabilities, both patched and unpatched, affecting this product allowing you to take the necessary precautions.

If you have information about a new or an existing vulnerability in Adobe Illustrator CS5 15.x then you are more than welcome to contact us.


Table of Contents

1. Product Summary Only

2. Secunia Advisory Statistics (All time)
2.1. Statistics for 2014
2.2. Statistics for 2013
2.3. Statistics for 2012
2.4. Statistics for 2011
2.5. Statistics for 2010
2.6. Statistics for 2009
2.7. Statistics for 2008
2.8. Statistics for 2007
2.9. Statistics for 2006
2.10. Statistics for 2005
2.11. Statistics for 2004
2.12. Statistics for 2003

3. List of Secunia Advisories (All time)
3.1. List for 2014
3.2. List for 2013
3.3. List for 2012
3.4. List for 2011
3.5. List for 2010
3.6. List for 2009
3.7. List for 2008
3.8. List for 2007
3.9. List for 2006
3.10. List for 2005
3.11. List for 2004
3.12. List for 2003

4. Send Feedback
 
Vendor, Links, and Unpatched Vulnerabilities

Vendor Adobe Systems

Product Link View Here (Link to external site)

Affected By 2 Secunia advisories
7 Vulnerabilities

Monitor Product Receive alerts for this product

Unpatched 0% (0 of 2 Secunia advisories)

Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied..




Discuss this Product
A new thread in our forum is automatically created for each Product. Activate the thread by commenting/discussing below.
Subject: Adobe Illustrator CS5 15.x 
User Message
berlincount RE: Adobe Illustrator CS5 15.x
Member 9th May, 2012 15:23
Score: 0
Posts: 1
User Since: 9th May 2012
System Score: N/A
Location: DE
Last edited on 9th May, 2012 15:23
I don't think you should list this product (suite) as end-of-life. It's still supported, and a lot of people will not upgrade from CS5 to CS6 for monetary reasons. Please stop warning about any CS5 product!
Was this reply relevant?
+0
-0

tommyjon

RE: Adobe Illustrator CS5 15.x
[+]
This reply has been deleted
ddmarshall RE: Adobe Illustrator CS5 15.x
Dedicated Contributor 9th May, 2012 19:41
Score: 1211
Posts: 965
User Since: 8th Nov 2008
System Score: 98%
Location: UK
It's end of life from the PSI point of view because Adobe have stopped issuing patches for it. This is a quote from their latest Security Bulletin:

Adobe has released Adobe Illustrator CS6, which addresses these vulnerabilities. For users who cannot upgrade to Adobe Illustrator CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.

http://www.adobe.com/support/security/bulletins/ap...

I think it is better that people are notified that they are using insecure software. Good luck with exercising caution.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
ott-group RE: Adobe Illustrator CS5 15.x
Member 10th May, 2012 14:09
Score: 1
Posts: 19
User Since: 2nd Sep 2010
System Score: N/A
Location: UK
1. It's not just Illustrator but also the Photoshop (32 and 64 bit) components of CS5 (in my case CS5.5 Web Premium) that are marked EOL.

2. CS 5 Dreamweaver, Fireworks and Flash components are still designated "Patched" i.e. not EOL.

3. No CS6 (Design & Web Premium) components are recognized at all. Given that PSI has been so quick off the mark in declaring some CS5 components EOL, why is it not recognizing any new CS6 installations? Yes, this is after several full scans.

Using PSI 2.0.0.3003
Was this reply relevant?
+0
-0
ddmarshall RE: Adobe Illustrator CS5 15.x
Dedicated Contributor 10th May, 2012 17:04
Score: 1211
Posts: 965
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Have you sent a program suggestion to Secunia?

http://secunia.com/vulnerability_scanning/personal...


Flash Professional CS5.5 (11.5.1.349) is vulnerable. If it's not being detected, I suggest you email support@secunia.com.
http://www.adobe.com/support/security/bulletins/ap...

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
ott-group RE: Adobe Illustrator CS5 15.x
Member 10th May, 2012 19:50
Score: 1
Posts: 19
User Since: 2nd Sep 2010
System Score: N/A
Location: UK
Last edited on 10th May, 2012 19:53
(unknown source)
Have you sent a program suggestion to Secunia?

http://secunia.com/vulnerability_scanning/personal...


Flash Professional CS5.5 (11.5.1.349) is vulnerable. If it's not being detected, I suggest you email support@secunia.com.
http://www.adobe.com/support/security/bulletins/ap...


Well, not yet as I have have only just learnt of the vulnerability from your good self (the CS5 application *is* detected, just flagged as patched). No CS6 applications are being detected vulnerable or patched. I thought the whole point of PSI was for Secunia to inform me of vulnerabilities via PSI, not the other way around (the bulletin you referenced is dated May 8th so it's not been posted in the last few hours) .

There is no fix for CS5 Flash Professional so it should presumably be EOL'd. That raises the question will, for example, CS5 Dreamweaver only be EOL'd when it's subject to specific non-patched vulnerability?
Was this reply relevant?
+0
-0
ddmarshall RE: Adobe Illustrator CS5 15.x
Dedicated Contributor 10th May, 2012 22:28
Score: 1211
Posts: 965
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Illustrator CS6 is already in the Secunia database. I suggested you send a missing program report to Secunia as there must be a problem with their detection rules if it's not being picked up on your system.

Similarly, the Flash Professional CS5 vulnerability is in the database
http://secunia.com/advisories/product/30317/?task=...
So, if you have it, it should be reported as unpatched.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
ott-group RE: Adobe Illustrator CS5 15.x
Member 11th May, 2012 13:43
Score: 1
Posts: 19
User Since: 2nd Sep 2010
System Score: N/A
Location: UK
Just sent the following to Secunia Support:

Hello Secunia support,

Issues originally noted under PSI 2.0.0.3003; just upgraded to 2.0.0.4003 and issue unchanged.

Issues first reported by me as responses to this thread:

http://secunia.com/community/forum/thread/show/126...
or
http://preview.tinyurl.com/7h42e8z

There are two related issues:

1. CS5[.5] Web Premium. Although Illustrator CS5 and Photoshop CS5 (both 32 and 64 bit) are designated EOL, Flash CS5 which currently has an unpatched vulnerability is designated 'patched'. Other CS5 apps are also marked patched when they should possibly be marked EOL since Adobe is apparently now only issuing security patches for CS6 applications.

For references see above forum thread. Screencap of Scan results also attached.

2. CS6 Design and Web Premium. No CS6 applications are being recognised even though solutions to all outstanding CS5 vulnerability are to upgrade to the equivalent CS6 application. NB. Major CS upgrades (eg CS5 to CS6) are *not* applied by overwriting previous versions. With a few provisos both versions can co-exist and there are a number of reasons why this is desirable.

Regards,

Chris
Was this reply relevant?
+0
-0
ott-group RE: Adobe Illustrator CS5 15.x
Member 11th May, 2012 19:27
Score: 1
Posts: 19
User Since: 2nd Sep 2010
System Score: N/A
Location: UK
Last edited on 12th May, 2012 14:46
I give up! I made the 'mistake' of including a screencap of the scan results:

Hi. This is the qmail-send program at mail.secunia.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<support@secunia.local>:
192.168.53.105 failed after I sent the message.
Remote host said: 550 5.7.1 Message rejected due to content restrictions

It was sent from the address in my 'Secunia Community Profile'. Well, I've already spent too much time on this so Secunia will have to pick the ball up from this thread.

[UPDATE]

I have raised CS6 and CS5 issues in a new thread:

http://secunia.com/community/forum/thread/show/126...
Was this reply relevant?
+0
-0
ddmarshall RE: Adobe Illustrator CS5 15.x
Dedicated Contributor 12th May, 2012 17:45
Score: 1211
Posts: 965
User Since: 8th Nov 2008
System Score: 98%
Location: UK
It looks like Adobe have had a rethink about requiring an update to CS6. They now state they are working on patches for CS5.
Links to the updated bulletins from here:
http://blogs.adobe.com/psirt/2012/05/update-to-sec...

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
Geoman fixed!
Member 5th Jun, 2012 14:19
Score: 0
Posts: 4
User Since: 8th Jun 2010
System Score: 100%
Location: DE
http://www.adobe.com/support/security/bulletins/ap...
Was this reply relevant?
+0
-0
ott-group RE: Adobe Illustrator CS5 15.x
Member 5th Jun, 2012 16:49
Score: 1
Posts: 19
User Since: 2nd Sep 2010
System Score: N/A
Location: UK


Not entirely. Fix applied but rescan with PSI Beta (yes, I know! :-( reverting back when I can find the time) leaves Illustrator as still requiring updating. This is possibly due to Adobe not updating the version number; executable has modifed date as 18/05/2012 but version I'm pretty sure unchanged as 15.1.1.39.

Note that the same has happened with the parallel Photoshop updates, i.e. no version number changed and PSI still reporting as needing updating.
Was this reply relevant?
+0
-0
Geoman RE: Adobe Illustrator CS5 15.x
Member 5th Jun, 2012 16:56
Score: 0
Posts: 4
User Since: 8th Jun 2010
System Score: 100%
Location: DE
there was a version number increase, but secunia has to put it off the EOL-Software list imho...
Was this reply relevant?
+0
-0

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer