Summary
Adobe Photoshop is installed on this host and is prone to buffer overflow and use-after-free vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code.
Impact Level: Application/System
Solution
Apply the patch for Adobe Photoshop CS5 and CS5.1. For updates, refer to http://helpx.adobe.com/photoshop/kb/security-update-photoshop.html
Or upgrade to Adobe Photoshop version CS6 or later. For updates, refer to http://www.adobe.com/downloads/
Insight
The flaws are due to:
- Insufficient input validation while decompressing TIFF images.
- An input sanitisation error when parsing TIFF images, which can be exploited to cause a heap-based buffer overflow via a specially crafted file.
Affected
Adobe Photoshop versions prior to CS6 on Mac OS X
References
Severity
Classification
CVE: CVE-2012-0275, CVE-2012-2027, CVE-2012-2028, CVE-2012-2052
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)