Lucene search
Francis Provencher1337DAY-ID-25822HistoryFeb 09, 2016 - 12:00 a.m.
Adobe Photoshop CC & Bridge CC - '.png' File Parsing Memory Corruption (1)
2016-02-0900:00:00
Francis Provencher
0day.today
12
0.013 Low
EPSS
Percentile
85.9%
Exploit for windows platform in category dos / poc
#####################################################################################
Application: Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption
Platforms: Windows
Versions: Bridge CC 6.1.1 and earlier versions
Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions
CVE; 2016-0951
Author: Francis Provencher of COSIG
Twitter: @COSIG_
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
===============
1) Introduction
===============
Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.
(https://en.wikipedia.org/wiki/Adobe_Photoshop)
#####################################################################################
============================
2) Report Timeline
============================
2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);
2016-02-09: Adobe release a patch (APSB16-03);
2016-02-09: COSIG release this advisory;
#####################################################################################
============================
3) Technical details
============================
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed PNG file with an invalid uint32 Length, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.
#####################################################################################
===========
4) POC
===========
(Theses files must be in the same folder for Bridge CC)
http://protekresearchlab.com/exploits/COSIG-2016-08-1.png
http://protekresearchlab.com/exploits/COSIG-2016-08-2.png
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39429.zip
###############################################################################
# 0day.today [2018-01-03] #Related
prion
prion
Memory corruption
2016-02-10 20:59:00
Memory corruption
2016-02-10 20:59:00
Memory corruption
2016-02-10 20:59:00
cvelist
cvelist
cve
cve
openvas
openvas
Adobe Bridge CC Multiple Vulnerabilities (Feb 2016)
2016-02-15 00:00:00
Adobe Photoshop CC Multiple Vulnerabilities - Windows
2016-02-15 00:00:00
nessus
nessus
Adobe Bridge CC < 6.2 Multiple Memory Corruption Vulnerabilities (APSB16-03) (Mac OS X)
2016-02-12 00:00:00
Adobe Photoshop CC < 15.2.4 / 16.1.2 Multiple Memory Corruption Vulnerabilities (APSB16-03) (Mac OS X)
2016-02-12 00:00:00
Adobe Bridge CC < 6.2 Multiple Memory Corruption Vulnerabilities (APSB16-03)
2016-02-12 00:00:00
nvd
nvd
adobe
adobe
APSB16-03 Security updates available for Adobe Photoshop CC and Bridge CC
2016-02-09 00:00:00