Adobe Photoshop Camera Raw Plug-in Code Execution Vulnerabilities (Windows) Network Vulnerability

Summary

This host is installed with Adobe Photoshop Camera Raw Plug-in and is prone to code execution vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code. Impact Level: System/Application

Solution

Upgrade to Adobe Photoshop Camera Raw Plug-in version 7.3 or later, For updates refer to http://www.adobe.com/downloads/

Insight

Errors exists within the 'Camera Raw.8bi' plug-in when - Parsing a LZW compressed TIFF images can be exploited to cause a buffer underflow via a specially crafted LZW code within an image row strip. - Allocating memory during TIFF image processing can be exploited to cause buffer overflow via a specially crafted image dimensions.

Affected

Adobe Photoshop Camera Raw Plug-in version before 7.3 on Windows

References

http://osvdb.org/88389
http://osvdb.org/88390
http://secunia.com/advisories/49929
http://securitytracker.com/id?1027872
http://www.adobe.com/support/security/bulletins/apsb12-28.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-5679, CVE-2012-5680
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Sep13 (Mac OS X)
7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
Adobe AIR Security Bypass Vulnerability Jan14 (Windows)

Take action and discover your vulnerabilities