Advertisement






Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption

CVE Category Price Severity
CVE-2020-10941 CWE-119 $5,000 High
Author Risk Exploitation Type Date
Mat Powell High Local 2016-02-09
CPE
cpe:cpe:/a:adobe:photoshop_cc
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2016020090

Below is a copy:

Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption#####################################################################################
 
Application: Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption
 
Platforms: Windows
 
Versions: Bridge CC 6.1.1 and earlier versions
 
Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions
 
CVE; 2016-0951
 
Author: Francis Provencher of COSIG
 
Twitter: @COSIG_
 
#####################################################################################
 
1) Introduction
2) Report Timeline
3) Technical details
4) POC
 
#####################################################################################
 
===============
1) Introduction
===============
 
Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.
 
(https://en.wikipedia.org/wiki/Adobe_Photoshop)
 
#####################################################################################
 
============================
2) Report Timeline
============================
 
2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);
 
2016-02-09: Adobe release a patch (APSB16-03);
 
2016-02-09: COSIG release this advisory;
 
#####################################################################################
 
============================
3) Technical details
============================
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed PNG file with an invalid uint32 Length, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.
 
#####################################################################################
 
===========
 
4) POC
 
===========
 
(Theses files must be in the same folder for Bridge CC)
 
http://protekresearchlab.com/exploits/COSIG-2016-08-1.png
http://protekresearchlab.com/exploits/COSIG-2016-08-2.png
 
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39429.zip
 
 
###############################################################################

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.