Adobe released a security bulletin for Illustrator CS3 and urged all CS3 users to update their installations as outlined in the bulletin.
The vulnerabilities were discovered and then detailed by Secunia Research. Secunia said that two vulnerabilities were discovered in Adobe Illustrator and are caused ‘due to input validation errors in PNG.8BI and BMP.8BI when processing PNG and BMP image files. These can be exploited to cause heap-based buffer overflows when e.g. opening a specially crafted .PNG or .BMP file.’
According to Adobe, a malicious BMP, DIB, RLE, or PNG must be opened in Illustrator by the user for an attacker to exploit these potential vulnerabilities.