Summary
This host is installed with Adobe Photoshop Camera Raw Plug-in and is prone to code execution vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code.
Impact Level: System/Application
Solution
Upgrade to Adobe Photoshop Camera Raw Plug-in version 7.3 or later, For updates refer to http://www.adobe.com/downloads/
Insight
Errors exists within the 'Camera Raw.8bi' plug-in when - Parsing a LZW compressed TIFF images can be exploited to cause a buffer underflow via a specially crafted LZW code within an image row strip.
- Allocating memory during TIFF image processing can be exploited to cause buffer overflow via a specially crafted image dimensions.
Affected
Adobe Photoshop Camera Raw Plug-in version before 7.3 on Windows
References
Severity
Classification
-
CVE CVE-2012-5679, CVE-2012-5680 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)