Adobe Photoshop < CS5 / CS5.1 Multiple Arbitrary Code Execution Vulnerabilities (APSB12-11)

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has an application installed that is affected by
multiple arbitrary code execution vulnerabilities.

Description :

The version of Adobe Photoshop installed on the remote Windows host is
prior to CS5 (12.0.5) or CS5.1 (12.1.1). It is, therefore, multiple
arbitrary code execution vulnerabilities :

- Multiple heap-based buffer overflow conditions exist due
to a failure to properly sanitize user-supplied input
when decompressing and handling TIFF image files. An
unauthenticated, remote attacker can exploit these
issues, by convincing a user to open a specially crafted
TIFF image file, to execute arbitrary code.
(CVE-2012-2027, CVE-2012-2028)

- A buffer overflow condition exists in the U3D.8bi plugin
due to a failure to properly sanitize user-supplied
input. An unauthenticated, remote attacker can exploit
this, by convincing a user to open a file containing a
specially crafted Collada (.dae) asset element, to
execute arbitrary code. (CVE-2012-2052)

- A heap-based buffer overflow condition exists in
photoshop.exe due to a failure to properly sanitize
user-supplied input when decompressing a SGI24LogLum
compressed TIFF image. An unauthenticated, remote
attacker can exploit this, by convincing a user to open
a specially crafted TIFF image file, to execute
arbitrary code. (CVE-2012-0275)

See also :

http://www.nessus.org/u?268de05d
http://www.adobe.com/support/security/bulletins/apsb12-11.html
https://helpx.adobe.com/photoshop/kb/security-update-photoshop.html

Solution :

Upgrade to Adobe Photoshop CS6 (13.0). Alternatively, apply the patch
referenced in the vendor advisory.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 59172 ()

Bugtraq ID: 52634
53421
53464
55372

CVE ID: CVE-2012-2027
CVE-2012-2028
CVE-2012-2052
CVE-2012-0275

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now