Secunia
Relating to this vendor: Adobe Systems
And, this specific program: Adobe Illustrator CS5 15.x

| Secunia | Adobe Illustrator CS5 15.x |
9th May, 2012 15:23
Ranking: 0 Posts: 0 User Since: - System Score: - Location: Copenhagen, DK

Vulnerability report: Adobe Illustrator CS5 15.x

| berlincount | RE: Adobe Illustrator CS5 15.x |
9th May, 2012 15:23
Score: 0 Posts: 1 User Since: 9th May 2012 System Score: N/A Location: DE Last edited on 9th May, 2012 15:23

I don't think you should list this product (suite) as end-of-life. It's still supported, and a lot of people will not upgrade from CS5 to CS6 for monetary reasons. Please stop warning about any CS5 product!

| RE: Adobe Illustrator CS5 15.x |
This reply has been deleted

| ddmarshall | RE: Adobe Illustrator CS5 15.x |
9th May, 2012 19:41
Score: 1126 Posts: 910 User Since: 8th Nov 2008 System Score: 100% Location: UK

It's end of life from the PSI point of view because Adobe have stopped issuing patches for it. This is a quote from their latest Security Bulletin:

> Adobe has released Adobe Illustrator CS6, which addresses these vulnerabilities. For users who cannot upgrade to Adobe Illustrator CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.

http://www.adobe.com/support/security/bulletins/ap...

I think it is better that people are notified that they are using insecure software. Good luck with exercising caution.

--
This answer is provided “as-is.” You bear the risk of using it.

| ott-group | RE: Adobe Illustrator CS5 15.x |
10th May, 2012 14:09
Score: 1 Posts: 19 User Since: 2nd Sep 2010 System Score: N/A Location: UK

1. It's not just Illustrator but also the Photoshop (32 and 64 bit) components of CS5 (in my case CS5.5 Web Premium) that are marked EOL.
2. CS 5 Dreamweaver, Fireworks and Flash components are still designated "Patched" i.e. not EOL.
3. No CS6 (Design & Web Premium) components are recognized at all.

Given that PSI has been so quick off the mark in declaring some CS5 components EOL, why is it not recognizing any new CS6 installations? Yes, this is after several full scans.

Using PSI 2.0.0.3003

| ddmarshall | RE: Adobe Illustrator CS5 15.x |
10th May, 2012 17:04
Score: 1126 Posts: 910 User Since: 8th Nov 2008 System Score: 100% Location: UK

Have you sent a program suggestion to Secunia?
http://secunia.com/vulnerability_scanning/personal...

Flash Professional CS5.5 (11.5.1.349) is vulnerable. If it's not being detected, I suggest you email support@secunia.com.
http://www.adobe.com/support/security/bulletins/ap...

--
This answer is provided “as-is.” You bear the risk of using it.

| ott-group | RE: Adobe Illustrator CS5 15.x |
10th May, 2012 19:50
Score: 1 Posts: 19 User Since: 2nd Sep 2010 System Score: N/A Location: UK Last edited on 10th May, 2012 19:53

on 10th May, 2012 17:04, ddmarshall wrote:

> Have you sent a program suggestion to Secunia?
> http://secunia.com/vulnerability_scanning/personal...
>
> Flash Professional CS5.5 (11.5.1.349) is vulnerable. If it's not being detected, I suggest you email support@secunia.com.
> http://www.adobe.com/support/security/bulletins/ap...

Well, not yet as I have only just learnt of the vulnerability from your good self (the CS5 application *is* detected, just flagged as patched). No CS6 applications are being detected vulnerable or patched.

I thought the whole point of PSI was for Secunia to inform me of vulnerabilities via PSI, not the other way around (the bulletin you referenced is dated May 8th so it's not been posted in the last few hours).

There is no fix for CS5 Flash Professional so it should presumably be EOL'd. That raises the question will, for example, CS5 Dreamweaver only be EOL'd when it's subject to specific non-patched vulnerability?

| ddmarshall | RE: Adobe Illustrator CS5 15.x |
10th May, 2012 22:28
Score: 1126 Posts: 910 User Since: 8th Nov 2008 System Score: 100% Location: UK

Illustrator CS6 is already in the Secunia database. I suggested you send a missing program report to Secunia as there must be a problem with their detection rules if it's not being picked up on your system.

Similarly, the Flash Professional CS5 vulnerability is in the database
http://secunia.com/advisories/product/30317/?task=...
So, if you have it, it should be reported as unpatched.

--
This answer is provided “as-is.” You bear the risk of using it.

| ott-group | RE: Adobe Illustrator CS5 15.x |
11th May, 2012 13:43
Score: 1 Posts: 19 User Since: 2nd Sep 2010 System Score: N/A Location: UK

Just sent the following to Secunia Support:

Hello Secunia support,

Issues originally noted under PSI 2.0.0.3003; just upgraded to 2.0.0.4003 and issue unchanged.

Issues first reported by me as responses to this thread:
http://secunia.com/community/forum/thread/show/126...
or
http://preview.tinyurl.com/7h42e8z

There are two related issues:

1. CS5[.5] Web Premium. Although Illustrator CS5 and Photoshop CS5 (both 32 and 64 bit) are designated EOL, Flash CS5 which currently has an unpatched vulnerability is designated 'patched'. Other CS5 apps are also marked patched when they should possibly be marked EOL since Adobe is apparently now only issuing security patches for CS6 applications. For references see above forum thread. Screencap of Scan results also attached.

2. CS6 Design and Web Premium. No CS6 applications are being recognised even though solutions to all outstanding CS5 vulnerabilities are to upgrade to the equivalent CS6 application.

NB. Major CS upgrades (eg CS5 to CS6) are *not* applied by overwriting previous versions. With a few provisos both versions can co-exist and there are a number of reasons why this is desirable.

Regards,
Chris

| ott-group | RE: Adobe Illustrator CS5 15.x |
11th May, 2012 19:27
Score: 1 Posts: 19 User Since: 2nd Sep 2010 System Score: N/A Location: UK Last edited on 12th May, 2012 14:46

I give up! I made the 'mistake' of including a screencap of the scan results:

> Hi. This is the qmail-send program at mail.secunia.com.
> I'm afraid I wasn't able to deliver your message to the following addresses.
> This is a permanent error; I've given up. Sorry it didn't work out.
>
> <support@secunia.local>:
> 192.168.53.105 failed after I sent the message.
> Remote host said: 550 5.7.1 Message rejected due to content restrictions

It was sent from the address in my 'Secunia Community Profile'.

Well, I've already spent too much time on this so Secunia will have to pick the ball up from this thread.

[UPDATE] I have raised CS6 and CS5 issues in a new thread:
http://secunia.com/community/forum/thread/show/126...

| ddmarshall | RE: Adobe Illustrator CS5 15.x |
12th May, 2012 17:45
Score: 1126 Posts: 910 User Since: 8th Nov 2008 System Score: 100% Location: UK

It looks like Adobe have had a rethink about requiring an update to CS6. They now state they are working on patches for CS5. Links to the updated bulletins from here:
http://blogs.adobe.com/psirt/2012/05/update-to-sec...

--
This answer is provided “as-is.” You bear the risk of using it.

| Geoman | fixed! |
5th Jun, 2012 14:19
Score: 0 Posts: 4 User Since: 8th Jun 2010 System Score: 100% Location: DE

http://www.adobe.com/support/security/bulletins/ap...

| ott-group | RE: Adobe Illustrator CS5 15.x |
5th Jun, 2012 16:49
Score: 1 Posts: 19 User Since: 2nd Sep 2010 System Score: N/A Location: UK

on 5th Jun, 2012 14:19, Geoman wrote:

> http://www.adobe.com/support/security/bulletins/ap...

Not entirely. Fix applied but rescan with PSI Beta (yes, I know! :-( reverting back when I can find the time) leaves Illustrator as still requiring updating. This is possibly due to Adobe not updating the version number; executable has modified date as 18/05/2012 but version I'm pretty sure unchanged as 15.1.1.39.

Note that the same has happened with the parallel Photoshop updates, i.e. no version number changed and PSI still reporting as needing updating.

| Geoman | RE: Adobe Illustrator CS5 15.x |
5th Jun, 2012 16:56
Score: 0 Posts: 4 User Since: 8th Jun 2010 System Score: 100% Location: DE

There was a version number increase, but Secunia has to put it off the EOL-Software list imho...