Adobe Photoshop CC Multiple Vulnerabilities (APSB15-12) (Mac OS X)

critical Nessus Plugin ID 84404

Synopsis

The remote host has an application that is affected by multiple vulnerabilities.

Description

The version of Adobe Photoshop installed on the remote Mac OS X host is prior or equal to CC 2014 15.2.2 (2014.2.2). It is, therefore, affected by the following vulnerabilities :

- An unspecified memory corruption flaw exists due to not properly validating user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-3109)

- A integer overflow flaw exists in the GIF parser due to not properly handling a GIF file with an invalid ImageLeftPosition value. An attacker can exploit this to corrupt memory or execute arbitrary code.
(CVE-2015-3110)

- A heap-based overflow flaw exists in the PNG parser due to not properly handling a PNG file in which the CHUNK structure has an oversized length value. An attacker can exploit this to corrupt memory or execute arbitrary code.
(CVE-2015-3111)

- A memory corruption flaw exists due to not properly validating user-supplied input when handling a PDF file containing an embedded JPEG with an oversized field value. An attacker can exploit this to corrupt memory or execute arbitrary code. (CVE-2015-3112)

Solution

Upgrade to Adobe Photoshop CC 2015 16.0 (2015.0.0) or later.

See Also

https://helpx.adobe.com/security/products/photoshop/apsb15-12.html

Plugin Details

Severity: Critical

ID: 84404

File Name: macosx_adobe_photoshop_apsb15-12.nasl

Version: 1.9

Type: local

Agent: macosx

Published: 6/26/2015

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:adobe:photoshop, cpe:/a:adobe:photoshop_cc

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/Adobe Photoshop

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/16/2015

Vulnerability Publication Date: 6/16/2015

Reference Information

CVE: CVE-2015-3109, CVE-2015-3110, CVE-2015-3111, CVE-2015-3112

BID: 75240, 75242, 75243, 75245