Adobe Photoshop PNG Image Processing Buffer Overflow Vulnerabilities (Windows) Network Vulnerability

Summary

This host is installed with Adobe Photoshop and is prone to buffer overflow vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code. Impact Level: System/Application

Solution

Upgrade to Adobe Photoshop version CS6 (13.0.1) or later, For updates refer to http://www.adobe.com/downloads/

Insight

- A boundary error in the 'Standard MultiPlugin.8BF' module fails to process a Portable Network Graphics (PNG) image, which allows attacker to cause a buffer overflow via a specially crafted 'tRNS' chunk size. - Improper validation in Photoshop.exe when decompressing SGI24LogLum-compressed TIFF images.

Affected

Adobe Photoshop version CS6 (13.0) on Windows

References

http://osvdb.org/85006
http://secunia.com/advisories/49141
http://www.adobe.com/support/security/bulletins/apsb12-20.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0275, CVE-2012-4170

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)
Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
Adobe Acrobat Unspecified vulnerability
Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)

Take action and discover your vulnerabilities