Adobe Photoshop BOF And Use After Free Vulnerabilities (Windows) Network Vulnerability

Summary

This host is installed with Adobe Photoshop and is prone to buffer overflow and use after free vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code. Impact Level: Application/System

Solution

Apply patch for Adobe Photoshop CS5 and CS5.1, For updates refer to http://helpx.adobe.com/photoshop/kb/security-update-photoshop.html Or upgrade to Adobe Photoshop version CS6 or later, For updates refer to http://www.adobe.com/downloads/

Insight

The flaws are caused by - An insufficient input validation while decompressing TIFF images. - An input sanitisation error when parsing TIFF images can be exploited to cause a heap-based buffer overflow via a specially crafted file.

Affected

Adobe Photoshop version prior to CS6 on Windows

References

http://osvdb.org/81861
http://secunia.com/advisories/48457/
http://securitytracker.com/id/1027046
http://www.adobe.com/support/security/bulletins/apsb12-11.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0275, CVE-2012-2027, CVE-2012-2028, CVE-2012-2052
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
Adobe Acrobat Unspecified vulnerability
Adobe Acrobat Multiple Vulnerabilities - Windows
Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Mac OS X)

Adobe Photoshop BOF and Use After Free Vulnerabilities (Windows)

Take action and discover your vulnerabilities