SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Adobe Photoshop Vendors:   Adobe Systems Incorporated
Adobe Photoshop Buffer Overflows Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1027477
SecurityTracker URL:  http://securitytracker.com/id/1027477
CVE Reference:   CVE-2012-0275, CVE-2012-4170   (Links to External Site)
Date:  Sep 4 2012
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): CS6 (13.0), and prior versions
Description:   Two vulnerabilities were reported in Adobe Photoshop. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted file that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2012-4170]. The code will run with the privileges of the target user.

Francis Provencher (via Secunia SVCRP) reported this vulnerability.

A remote user can create a specially crafted SGI24LogLum-compressed TIFF image that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2012-0275]. The code will run with the privileges of the target user.

Carsten Eiram, Secunia Research, reported this vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fix for both vulnerabilities (CS6 (13.0.1)).

The vendor silently issued a fix for CVE-2012-0275 in CS5 (12.0.5) and CS5.1 (12.1.1).

The vendor's advisories are available at:

http://www.adobe.com/support/security/bulletins/apsb12-11.html
http://www.adobe.com/support/security/bulletins/apsb12-20.html

Vendor URL:  www.adobe.com/support/security/bulletins/apsb12-20.html (Links to External Site)
Cause:   Boundary error
Underlying OS:   UNIX (OS X), Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Mon, 3 Sep 2012 14:29:37 +0200
Subject:  [Full-disclosure] Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow

====================================================================== 

                     Secunia Research 03/09/2012

  - Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

* Adobe Photoshop CS5
* Adobe Photoshop CS5.1
* Adobe Photoshop CS6

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Highly Critical
Impact: System Compromise
Where:  Remote

====================================================================== 
3) Vendor's Description of Software 

"Adobe Photoshop CS6 software delivers even more imaging magic, new 
creative options, and the Adobe Mercury Graphics Engine for blazingly
fast performance.".

Product Link:
http://www.adobe.com/products/photoshop.html

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Adobe Photoshop, 
which can be exploited by malicious people to compromise a user's 
system.

The vulnerability is caused by insufficient validation in 
Photoshop.exe when decompressing SGI24LogLum-compressed TIFF images. 
This can be exploited via a specially crafted TIFF image to cause a 
heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

====================================================================== 
5) Solution 

Update to version 12.0.5, 12.1.1, or 13.0.1.

====================================================================== 
6) Time Table 

27/03/2012 - Vendor notified.
27/03/2012 - Vendor response.
08/05/2012 - Vulnerability addressed in CS5 and CS5.1 via APSB12-11.
04/07/2012 - Status update requested.
04/07/2012 - Vendor confirms fix in APSB12-11 and confirms that CS6 
             is still vulnerable. Fix to be included in next update.
30/08/2012 - APSB12-20 released. Vulnerability fixed, but no mention 
             of it in the security bulletin. Vendor contacted for 
             status update.
31/08/2012 - Vendor confirmation that vulnerability was addressed. 
             APSB12-11 and APSB12-20 updated accordingly.
03/09/2012 - Public disclosure.

====================================================================== 
7) Credits 

Discovered by Carsten Eiram, Secunia Research.

====================================================================== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
CVE-2012-0275 for the vulnerability.

====================================================================== 
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

====================================================================== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2012-29/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC