Adobe Photoshop CC 17.x < 17.0.2 / 18.x < 18.1 Multiple Vulnerabilities (APSB17-12)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host has an application installed that is affected by
multiple vulnerabilities.

Description :

The version of Adobe Photoshop CC installed on the remote Windows host
is 17.x prior to 17.0.2 (2015.5.2) or 18.x prior to 18.1 (2017.1.0).
It is, therefore, affected by multiple vulnerabilities :

- A memory corruption issue exists due to improper
handling of PCX files. An unauthenticated, remote
attacker can exploit this, by convincing a user to open
a specially crafted PCX file, to execute arbitrary code.
(CVE-2017-3004)

- An unquoted search path flaw exists that allows an
attacker to elevate privileges via a malicious
executable in the root path. (CVE-2017-3005)

See also :

https://helpx.adobe.com/security/products/photoshop/apsb17-12.html

Solution :

Upgrade to Adobe Photoshop CC version 17.0.2 (2015.5.2) / 18.1
(2017.1.0) or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 99369 ()

Bugtraq ID: 97553
97559

CVE ID: CVE-2017-3004
CVE-2017-3005

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now