
Forum Thread: Adobe Illustrator CS5 15.x

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

See the original Secunia vulnerability report for:
Adobe Illustrator CS5 15.x

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Illustrator CS5 15.x

Secunia Adobe Illustrator CS5 15.x
Secunia Official 9th May, 2012 15:23
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
Vulnerability report: Adobe Illustrator CS5 15.x

berlincount RE: Adobe Illustrator CS5 15.x
Member 9th May, 2012 15:23
Score: 0
Posts: 1
User Since: 9th May 2012
System Score: N/A
Location: DE
Last edited on 9th May, 2012 15:23
I don't think you should list this product (suite) as end-of-life. It's still supported, and a lot of people will not upgrade from CS5 to CS6 for monetary reasons. Please stop warning about any CS5 product!
ddmarshall RE: Adobe Illustrator CS5 15.x
Dedicated Contributor 9th May, 2012 19:41
Score: 1212
Posts: 967
User Since: 8th Nov 2008
System Score: 98%
Location: UK
It's end of life from the PSI point of view because Adobe have stopped issuing patches for it. This is a quote from their latest Security Bulletin:

Adobe has released Adobe Illustrator CS6, which addresses these vulnerabilities. For users who cannot upgrade to Adobe Illustrator CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.

http://www.adobe.com/support/security/bulletins/ap...

I think it is better that people are notified that they are using insecure software. Good luck with exercising caution.

--
This answer is provided “as-is.” You bear the risk of using it.
ott-group RE: Adobe Illustrator CS5 15.x
Member 10th May, 2012 14:09
Score: 1
Posts: 19
User Since: 2nd Sep 2010
System Score: N/A
Location: UK
1. It's not just Illustrator but also the Photoshop (32 and 64 bit) components of CS5 (in my case CS5.5 Web Premium) that are marked EOL.

2. CS 5 Dreamweaver, Fireworks and Flash components are still designated "Patched" i.e. not EOL.

3. No CS6 (Design & Web Premium) components are recognized at all. Given that PSI has been so quick off the mark in declaring some CS5 components EOL, why is it not recognizing any new CS6 installations? Yes, this is after several full scans.

Using PSI 2.0.0.3003
ddmarshall RE: Adobe Illustrator CS5 15.x
Dedicated Contributor 10th May, 2012 17:04
Score: 1212
Posts: 967
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Have you sent a program suggestion to Secunia?

http://secunia.com/vulnerability_scanning/personal...


Flash Professional CS5.5 (11.5.1.349) is vulnerable. If it's not being detected, I suggest you email support@secunia.com.
http://www.adobe.com/support/security/bulletins/ap...

--
This answer is provided “as-is.” You bear the risk of using it.
ott-group RE: Adobe Illustrator CS5 15.x
Member 10th May, 2012 19:50
Score: 1
Posts: 19
User Since: 2nd Sep 2010
System Score: N/A
Location: UK
Last edited on 10th May, 2012 19:53
on 10th May, 2012 17:04, ddmarshall wrote:
Have you sent a program suggestion to Secunia?

http://secunia.com/vulnerability_scanning/personal...


Flash Professional CS5.5 (11.5.1.349) is vulnerable. If it's not being detected, I suggest you email support@secunia.com.
http://www.adobe.com/support/security/bulletins/ap...


Well, not yet as I have only just learnt of the vulnerability from your good self (the CS5 application *is* detected, just flagged as patched). No CS6 applications are being detected vulnerable or patched. I thought the whole point of PSI was for Secunia to inform me of vulnerabilities via PSI, not the other way around (the bulletin you referenced is dated May 8th so it's not been posted in the last few hours).

There is no fix for CS5 Flash Professional so it should presumably be EOL'd. That raises the question: will, for example, CS5 Dreamweaver only be EOL'd when it's subject to a specific non-patched vulnerability?
ddmarshall RE: Adobe Illustrator CS5 15.x
Dedicated Contributor 10th May, 2012 22:28
Score: 1212
Posts: 967
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Illustrator CS6 is already in the Secunia database. I suggested you send a missing program report to Secunia as there must be a problem with their detection rules if it's not being picked up on your system.

Similarly, the Flash Professional CS5 vulnerability is in the database
http://secunia.com/advisories/product/30317/?task=...
So, if you have it, it should be reported as unpatched.

--
This answer is provided “as-is.” You bear the risk of using it.
ott-group RE: Adobe Illustrator CS5 15.x
Member 11th May, 2012 13:43
Score: 1
Posts: 19
User Since: 2nd Sep 2010
System Score: N/A
Location: UK
Just sent the following to Secunia Support:

Hello Secunia support,

Issues originally noted under PSI 2.0.0.3003; just upgraded to 2.0.0.4003 and issue unchanged.

Issues first reported by me as responses to this thread:

http://secunia.com/community/forum/thread/show/126...
or
http://preview.tinyurl.com/7h42e8z

There are two related issues:

1. CS5[.5] Web Premium. Although Illustrator CS5 and Photoshop CS5 (both 32 and 64 bit) are designated EOL, Flash CS5 which currently has an unpatched vulnerability is designated 'patched'. Other CS5 apps are also marked patched when they should possibly be marked EOL since Adobe is apparently now only issuing security patches for CS6 applications.

For references see above forum thread. Screencap of Scan results also attached.

2. CS6 Design and Web Premium. No CS6 applications are being recognised even though solutions to all outstanding CS5 vulnerabilities are to upgrade to the equivalent CS6 application. NB. Major CS upgrades (eg CS5 to CS6) are *not* applied by overwriting previous versions. With a few provisos both versions can co-exist and there are a number of reasons why this is desirable.

Regards,

Chris
ott-group RE: Adobe Illustrator CS5 15.x
Member 11th May, 2012 19:27
Score: 1
Posts: 19
User Since: 2nd Sep 2010
System Score: N/A
Location: UK
Last edited on 12th May, 2012 14:46
I give up! I made the 'mistake' of including a screencap of the scan results:

Hi. This is the qmail-send program at mail.secunia.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<support@secunia.local>:
192.168.53.105 failed after I sent the message.
Remote host said: 550 5.7.1 Message rejected due to content restrictions

It was sent from the address in my 'Secunia Community Profile'. Well, I've already spent too much time on this so Secunia will have to pick the ball up from this thread.

[UPDATE]

I have raised CS6 and CS5 issues in a new thread:

http://secunia.com/community/forum/thread/show/126...
ddmarshall RE: Adobe Illustrator CS5 15.x
Dedicated Contributor 12th May, 2012 17:45
Score: 1212
Posts: 967
User Since: 8th Nov 2008
System Score: 98%
Location: UK
It looks like Adobe have had a rethink about requiring an update to CS6. They now state they are working on patches for CS5.
Links to the updated bulletins from here:
http://blogs.adobe.com/psirt/2012/05/update-to-sec...

--
This answer is provided “as-is.” You bear the risk of using it.
Geoman fixed!
Member 5th Jun, 2012 14:19
Score: 0
Posts: 4
User Since: 8th Jun 2010
System Score: 100%
Location: DE
http://www.adobe.com/support/security/bulletins/ap...
ott-group RE: Adobe Illustrator CS5 15.x
Member 5th Jun, 2012 16:49
Score: 1
Posts: 19
User Since: 2nd Sep 2010
System Score: N/A
Location: UK
on 5th Jun, 2012 14:19, Geoman wrote:
http://www.adobe.com/support/security/bulletins/ap...


Not entirely. Fix applied but rescan with PSI Beta (yes, I know! :-( reverting back when I can find the time) leaves Illustrator as still requiring updating. This is possibly due to Adobe not updating the version number; executable has modified date as 18/05/2012 but version I'm pretty sure unchanged as 15.1.1.39.

Note that the same has happened with the parallel Photoshop updates, i.e. no version number changed and PSI still reporting as needing updating.
Geoman RE: Adobe Illustrator CS5 15.x
Member 5th Jun, 2012 16:56
Score: 0
Posts: 4
User Since: 8th Jun 2010
System Score: 100%
Location: DE
There was a version number increase, but Secunia has to put it off the EOL-Software list imho...


© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144