Back

Adobe InCopy and Illustrator Vulnerabilities Enable Remote Code Execution

Severity: Medium (Score: 57.8)

Sources: Cybersecurity-Help.Cz

Summary

Two critical vulnerabilities have been identified in Adobe InCopy and Adobe Illustrator, both allowing remote code execution. The vulnerabilities stem from out-of-bounds read and write issues when parsing specially crafted files. Attackers can exploit these vulnerabilities by tricking users into opening malicious files, which requires user interaction. The CVE for the InCopy vulnerability is CVE-2026-27264, published on 2026-03-11. Users of Adobe InCopy and Illustrator are advised to install updates from the vendor's website to mitigate these risks. The vulnerabilities pose a significant threat to users who may inadvertently open compromised files. Immediate action is recommended to prevent potential exploitation. No evidence of active exploitation has been reported as of now. Key Points: • Adobe InCopy and Illustrator have critical vulnerabilities allowing remote code execution. • User interaction is required to exploit these vulnerabilities by opening crafted files. • Patches are available, and users are urged to update their software immediately.

Key Entities

  • Zero-day Exploit (attack_type)
  • CVE-2026-27264 (cve)
  • Cwe-125 - Out-of-bounds Read (cwe)
  • Cwe-787 - Out-of-bounds Write (cwe)
  • T1203 - Exploitation for Client Execution (mitre_attack)
  • T1204 - User Execution (mitre_attack)
  • Adobe Illustrator (platform)
  • Adobe InCopy (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed