Adobe Photoshop BOF And Use After Free Vulnerabilities (Windows) Network Vulnerability

Summary

This host is installed with Adobe Photoshop and is prone to buffer overflow and use after free vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code. Impact Level: Application/System

Solution

Apply patch for Adobe Photoshop CS5 and CS5.1, For updates refer to http://helpx.adobe.com/photoshop/kb/security-update-photoshop.html Or upgrade to Adobe Photoshop version CS6 or later, For updates refer to http://www.adobe.com/downloads/

Insight

The flaws are caused by - An insufficient input validation while decompressing TIFF images. - An input sanitisation error when parsing TIFF images can be exploited to cause a heap-based buffer overflow via a specially crafted file.

Affected

Adobe Photoshop version prior to CS6 on Windows

References

http://osvdb.org/81861
http://secunia.com/advisories/48457/
http://securitytracker.com/id/1027046
http://www.adobe.com/support/security/bulletins/apsb12-11.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0275, CVE-2012-2027, CVE-2012-2028, CVE-2012-2052

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities-01 Jun14 (Mac OS X)
Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Mac OS X)
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)

Adobe Photoshop BOF and Use After Free Vulnerabilities (Windows)

Take action and discover your vulnerabilities