In a released Monday, Adobe confirmed that the attack affects versions 3 and 4 of its Illustrator Creative Suite software and said the flaw could give hackers a way to run unauthorized software on a victim's computer.
The attack code, last Tuesday, works when a victim opens a specially crafted Encapsulated PostScript (.eps) file in Illustrator. "Adobe categorizes this as a critical issue and recommends that users avoid opening .eps files from unknown or untrusted sources in Illustrator until a patch is available," the company said.
"Adobe plans to make available an update to Adobe Illustrator to resolve the issue by January 8, 2010," the company added in a .
Meanwhile, both Adobe and Microsoft are scheduled to issue critical security patches on Tuesday. Adobe will fix in Flash Player. Microsoft is set to fix 12 bugs in a variety of its products, including a critical flaw in Internet Explorer that was publicly disclosed a few weeks ago.