Adobe Photoshop Insecure Library Loading Vulnerability Network Vulnerability

Summary

This host is installed with Adobe Photoshop and is prone to Insecure Library Loading vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code and conduct DLL hijacking attacks. Impact Level: Application

Solution

Apply Adobe Photoshop 12.0.3 update for Adobe Photoshop CS5. For updates refer to http://www.adobe.com/downloads/

Insight

The flaw is caused by application insecurely loading certain librairies from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a file from a network share.

Affected

Adobe Photoshop CS2 through CS5

References

http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html
http://secunia.com/advisories/41060
http://www.vupen.com/english/advisories/2010/2170

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3127
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities -01 Feb13 (Linux)
Adobe AIR Multiple Vulnerabilities-01 Jun14 (Mac OS X)
Adobe Air Code Execution and DoS Vulnerabilities (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)

Take action and discover your vulnerabilities