CVE-2021-21104

8.8 HIGH

📋 TL;DR

CVE-2021-21104 is a memory corruption vulnerability in Adobe Illustrator that allows remote code execution when a user opens a malicious file. Attackers can execute arbitrary code with the privileges of the current user. This affects Adobe Illustrator version 25.2 and earlier on all supported operating systems.

💻 Affected Systems

Products:
  • Adobe Illustrator
Versions: 25.2 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Requires user interaction to open a malicious file.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution, allowing attackers to install malware, steal data, or pivot to other systems.

🟠 Likely Case

Malware installation or data theft through crafted Illustrator files sent via email or downloaded from malicious websites.

🟢 If Mitigated

Limited impact if users only open trusted files from verified sources and Illustrator is sandboxed.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but these can be distributed via email or web.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing with malicious attachments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the user to open a malicious file. No authentication is needed beyond file access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.2.1 and later

Vendor Advisory: https://helpx.adobe.com/security/products/illustrator/apsb21-24.html

Restart Required: Yes

Instructions:

1. Open Adobe Illustrator.
2. Go to Help > Updates.
3. Install available updates to version 25.2.1 or later.
4. Restart Illustrator after installation.

🔧 Temporary Workarounds

Disable Illustrator file associations (Windows)

Prevent automatic opening of .ai files by changing default file associations

Use application sandboxing (all platforms)

Run Illustrator in sandboxed environment to limit potential damage

🧯 If You Can't Patch

  • Implement strict email filtering to block suspicious Illustrator attachments
  • Educate users to only open Illustrator files from trusted sources and verify file integrity

🔍 How to Verify

Check if Vulnerable:

Check Illustrator version: Open Illustrator > Help > About Illustrator. If version is 25.2 or earlier, system is vulnerable.

Check Version:

  • On Windows: Check registry HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Illustrator\25.0\Installer\Version
  • On macOS: Check /Applications/Adobe Illustrator/Contents/Info.plist CFBundleShortVersionString

Verify Fix Applied:

Verify version is 25.2.1 or later in Help > About Illustrator.

📡 Detection & Monitoring

Log Indicators:

  • Illustrator crash logs with memory access violations
  • Unexpected child processes spawned from Illustrator

Network Indicators:

  • Outbound connections from Illustrator to unknown IPs post-file opening

SIEM Query:

(process_name:"Illustrator.exe" AND (event_id:1000 OR event_id:1001)) OR (parent_process:"Illustrator.exe" AND process_creation)
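
The two log indicators and the query above, written out as matching logic over events. This is an added example, not part of the original page; the event schema (the `host`, `event_type` and `parent_process` field names) and the sample events are constructed for illustration.

```python
import ntpath

TARGET = "illustrator.exe"      # process name used in the page's SIEM query
CRASH_EVENT_IDS = {1000, 1001}  # event IDs used in the page's SIEM query

# Constructed sample events in a hypothetical normalized schema (not real logs).
SAMPLE_EVENTS = [
    {"host": "ws-01", "event_id": 1000, "process_name": "Illustrator.exe"},
    {"host": "ws-01", "event_type": "process_creation",
     "parent_process": r"C:\Program Files\Adobe\Illustrator.EXE",
     "process_name": "cmd.exe"},
    {"host": "ws-02", "event_id": 1000, "process_name": "winword.exe"},
    {"host": "ws-03", "event_type": "process_creation",
     "parent_process": "explorer.exe", "process_name": "Illustrator.exe"},
    {"host": "ws-04", "event_id": 4624},  # unrelated event with missing fields
]


def _is_target(value):
    """True if value (bare name or full path, any case) is Illustrator.exe."""
    return bool(value) and ntpath.basename(str(value)).lower() == TARGET


def classify(event):
    """Return 'crash', 'child_process' or None for a single event."""
    # Branch 1: crash / error-report event logged for Illustrator itself.
    if event.get("event_id") in CRASH_EVENT_IDS and _is_target(event.get("process_name")):
        return "crash"
    # Branch 2: any process whose parent is Illustrator.
    if event.get("event_type") == "process_creation" and _is_target(event.get("parent_process")):
        return "child_process"
    return None


def detect(events):
    """Return (host, reason, process_name) for every matching event."""
    alerts = []
    for ev in events:
        reason = classify(ev)
        if reason:
            alerts.append((ev.get("host"), reason, ev.get("process_name")))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Illustrator being launched by another process (the `ws-03` event) does not match; only events where Illustrator is the crashing process or the parent do.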
