Adobe Systems is planning to patch a zero-day security vulnerability affecting its Adobe Illustrator software by January.
The announcement comes a week after proof-of-concept exploit code began circulating the Web. According to Adobe, the buffer overflow vulnerability in Adobe Illustrator CS4 and CS3 can be exploited via a malicious Encapsulated PostScript (.eps) file in Illustrator to execute code.
“Adobe recommends customers avoid opening .eps files from unknown or untrusted sources in Illustrator until a patch is available,” the company stated in an advisory.
The company plans to resolve the issue with an update by Jan. 8, 2010.