Autodesk SketchBook Pro < 6.2.5 / SketchBook Copic Edition < 2.0.2 Heap Buffer Overflow

High severity, Nessus Plugin ID 77369

Synopsis

The remote host has a graphics editing application installed that is affected by a heap-based buffer overflow vulnerability.

Description

The version of Autodesk SketchBook installed on the remote host is SketchBook Pro prior to 6.2.5 or SketchBook Copic Edition prior to 2.0.2. It is, therefore, affected by a heap-based buffer overflow vulnerability. The flaw occurs when decompressing RLE-compressed channel data in PSD files, because user-supplied input is not correctly validated. Using a specially crafted PSD file, an attacker could cause a denial of service or execute arbitrary code.

Solution

Upgrade to SketchBook Pro 6.2.5 / Copic Edition 2.0.2 or later.

See Also

http://www.nessus.org/u?63a1d7df

Plugin Details

Severity: High

ID: 77369

File Name: autodesk_sketchbook_pro_CVE-2013-5365.nasl

Version: 1.2

Type: local

Agent: windows

Family: Windows

Published: 8/25/2014

Updated: 6/27/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:autodesk:sketchbook, cpe:/a:autodesk:sketchbook_pro, cpe:/a:autodesk:sketchbook_copic

Required KB Items: SMB/Registry/Enumerated, installed_sw/Autodesk SketchBook

Exploit Ease: No known exploits are available

Patch Publication Date: 3/31/2014

Vulnerability Publication Date: 4/1/2014

Reference Information

CVE: CVE-2013-5365

BID: 66563