Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2
2016-02-09T00:00:00
ID EDB-ID:39430 Type exploitdb Reporter Francis Provencher Modified 2016-02-09T00:00:00
Description
Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2. CVE-2016-0952. DoS exploit for Windows platform
#####################################################################################
Application: Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption
Platforms: Windows
Versions: Bridge CC 6.1.1 and earlier versions
Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions
CVE: 2016-0952
Author: Francis Provencher of COSIG
Twitter: @COSIG_
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
===============
1) Introduction
===============
Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.
(https://en.wikipedia.org/wiki/Adobe_Photoshop)
#####################################################################################
============================
2) Report Timeline
============================
2015-11-11: Francis Provencher from COSIG reported the issue to PSIRT (ADOBE);
2016-02-09: Adobe released a patch (APSB16-03);
2016-02-09: COSIG released this advisory;
#####################################################################################
============================
3) Technical details
============================
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability, in that the target must open a malicious file. By providing a malformed PNG file with an invalid uint32 CRC checksum, an attacker can cause heap memory corruption. An attacker could leverage this to execute arbitrary code in the context of the application.
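
Added example (not part of the original advisory and not Adobe's code): a defensive pre-screening check for the condition described above. It walks a PNG's chunks and reports any chunk whose stored uint32 CRC does not match the CRC-32 computed over its type and data, or whose declared length runs past the end of the file. The sample PNG is constructed inline and is not the advisory's PoC; all function names are hypothetical.

```python
"""Pre-screen PNG files: check every chunk's length and CRC-32 before a
native decoder sees the file. Added example; names are hypothetical."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_CHUNK_LEN = 0x7FFFFFFF  # PNG spec: chunk length must not exceed 2^31 - 1


def make_chunk(ctype, data, crc_xor=0):
    """Serialize one chunk; a non-zero crc_xor deliberately breaks the CRC."""
    crc = (zlib.crc32(ctype + data) & 0xFFFFFFFF) ^ crc_xor
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_sample(corrupt_idat_crc=False):
    """Constructed 1x1 grayscale PNG, optionally with a wrong IDAT checksum."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte 0 + one black pixel
    return (PNG_SIGNATURE
            + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat, 1 if corrupt_idat_crc else 0)
            + make_chunk(b"IEND", b""))


def audit_png(blob):
    """Return a list of (offset, chunk_type, issue) tuples; empty means clean."""
    if not blob.startswith(PNG_SIGNATURE):
        return [(0, "", "bad-signature")]
    findings = []
    offset = len(PNG_SIGNATURE)
    seen_iend = False
    while offset < len(blob):
        if seen_iend:
            findings.append((offset, "", "data-after-iend"))
            break
        if len(blob) - offset < 12:  # length + type + CRC need 12 bytes
            findings.append((offset, "", "truncated-chunk"))
            break
        length, ctype = struct.unpack_from(">I4s", blob, offset)
        name = ctype.decode("latin-1")
        # Bounds-check the declared length before it is used for slicing.
        if length > MAX_CHUNK_LEN or length > len(blob) - offset - 12:
            findings.append((offset, name, "length-out-of-bounds"))
            break
        data = blob[offset + 8: offset + 8 + length]
        (stored,) = struct.unpack_from(">I", blob, offset + 8 + length)
        computed = zlib.crc32(ctype + data) & 0xFFFFFFFF
        if stored != computed:
            findings.append((offset, name, "crc-mismatch"))
        seen_iend = ctype == b"IEND"
        offset += 12 + length
    if not seen_iend:
        findings.append((offset, "", "missing-iend"))
    return findings


if __name__ == "__main__":
    for label, blob in (("clean", build_sample()),
                        ("bad IDAT CRC", build_sample(corrupt_idat_crc=True))):
        print(label, audit_png(blob))
```

A file with any finding can be quarantined or re-encoded with a memory-safe decoder before it reaches an unpatched Photoshop or Bridge installation.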
#####################################################################################
===========
4) POC
===========
(These files must be in the same folder for Bridge CC)
http://protekresearchlab.com/exploits/COSIG-2016-09-1.png
http://protekresearchlab.com/exploits/COSIG-2016-09-2.png
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39430.zip
###############################################################################
{"id": "EDB-ID:39430", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2", "description": "Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2. CVE-2016-0952. Dos exploit for windows platform", "published": "2016-02-09T00:00:00", "modified": "2016-02-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/39430/", "reporter": "Francis Provencher", "references": [], "cvelist": ["CVE-2016-0952"], "lastseen": "2016-02-11T20:53:53", "viewCount": 5, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2016-02-11T20:53:53", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-0952"]}, {"type": "zdt", "idList": ["1337DAY-ID-25821"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310806871", "OPENVAS:1361412562310806869"]}, {"type": "nessus", "idList": ["MACOSX_ADOBE_BRIDGE_APSB16-03.NASL", "MACOSX_ADOBE_PHOTOSHOP_APSB16-03.NASL", "ADOBE_BRIDGE_APSB16-03.NASL", "ADOBE_PHOTOSHOP_APSB16-03.NASL"]}], "modified": "2016-02-11T20:53:53", "rev": 2}, "vulnersScore": 6.1}, "sourceHref": "https://www.exploit-db.com/download/39430/", "sourceData": "#####################################################################################\r\n\r\nApplication: Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption\r\n\r\nPlatforms: Windows\r\n\r\nVersions: Bridge CC 6.1.1 and earlier versions\r\n\r\nVersion: Photoshop CC 16.1.1 (2015.1.1) and earlier versions\r\n\r\nCVE; 2016-0952\r\n\r\nAuthor: Francis Provencher of COSIG\r\n\r\nTwitter: @COSIG_\r\n\r\n#####################################################################################\r\n\r\n1) Introduction\r\n2) Report Timeline\r\n3) Technical details\r\n4) POC\r\n\r\n#####################################################################################\r\n\r\n===============\r\n1) Introduction\r\n===============\r\n\r\nAdobe Photoshop is a 
raster graphics editor developed and published by Adobe Systems for Windows and OS X.\r\n\r\n(https://en.wikipedia.org/wiki/Adobe_Photoshop)\r\n\r\n#####################################################################################\r\n\r\n============================\r\n2) Report Timeline\r\n============================\r\n\r\n2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);\r\n\r\n2016-02-09: Adobe release a patch (APSB16-03);\r\n\r\n2016-02-09: COSIG release this advisory;\r\n\r\n#####################################################################################\r\n\r\n============================\r\n3) Technical details\r\n============================\r\n\r\nThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed PNG file with an invialid uint32 CRC checksum, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.\r\n\r\n#####################################################################################\r\n\r\n===========\r\n\r\n4) POC\r\n\r\n===========\r\n\r\n(Theses files must be in the same folder for Bridge CC)\r\n\r\nhttp://protekresearchlab.com/exploits/COSIG-2016-09-1.png\r\nhttp://protekresearchlab.com/exploits/COSIG-2016-09-2.png\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39430.zip\r\n\r\n###############################################################################\r\n", "osvdbidlist": []}
{"cve": [{"lastseen": "2021-02-02T06:28:00", "description": "Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0953.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-10T20:59:00", "title": "CVE-2016-0952", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0952"], "modified": "2017-09-10T01:29:00", "cpe": ["cpe:/a:adobe:bridge_cc:6.1", "cpe:/a:adobe:photoshop_cc:16.1.1"], "id": "CVE-2016-0952", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0952", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:bridge_cc:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:photoshop_cc:16.1.1:*:*:*:*:*:*:*"]}], "zdt": [{"lastseen": "2018-01-06T07:01:39", "description": "Exploit for windows platform in category dos / poc", "edition": 1, "published": "2016-02-09T00:00:00", "title": "Adobe Photoshop CC & Bridge CC - '.png' File 
Parsing Memory Corruption (2)", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-0952"], "modified": "2016-02-09T00:00:00", "href": "https://0day.today/exploit/description/25821", "id": "1337DAY-ID-25821", "sourceData": "#####################################################################################\r\n \r\nApplication: Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption\r\n \r\nPlatforms: Windows\r\n \r\nVersions: Bridge CC 6.1.1 and earlier versions\r\n \r\nVersion: Photoshop CC 16.1.1 (2015.1.1) and earlier versions\r\n \r\nCVE; 2016-0952\r\n \r\nAuthor: Francis Provencher of COSIG\r\n \r\nTwitter: @COSIG_\r\n \r\n#####################################################################################\r\n \r\n1) Introduction\r\n2) Report Timeline\r\n3) Technical details\r\n4) POC\r\n \r\n#####################################################################################\r\n \r\n===============\r\n1) Introduction\r\n===============\r\n \r\nAdobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.\r\n \r\n(https://en.wikipedia.org/wiki/Adobe_Photoshop)\r\n \r\n#####################################################################################\r\n \r\n============================\r\n2) Report Timeline\r\n============================\r\n \r\n2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);\r\n \r\n2016-02-09: Adobe release a patch (APSB16-03);\r\n \r\n2016-02-09: COSIG release this advisory;\r\n \r\n#####################################################################################\r\n \r\n============================\r\n3) Technical details\r\n============================\r\n \r\nThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. 
By providing a malformed PNG file with an invialid uint32 CRC checksum, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.\r\n \r\n#####################################################################################\r\n \r\n===========\r\n \r\n4) POC\r\n \r\n===========\r\n \r\n(Theses files must be in the same folder for Bridge CC)\r\n \r\nhttp://protekresearchlab.com/exploits/COSIG-2016-09-1.png\r\nhttp://protekresearchlab.com/exploits/COSIG-2016-09-2.png\r\n \r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39430.zip\r\n \r\n###############################################################################\n\n# 0day.today [2018-01-06] #", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/25821"}], "openvas": [{"lastseen": "2020-05-15T17:22:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0953", "CVE-2016-0952", "CVE-2016-0951"], "description": "The host is installed with Adobe Photoshop\n CC and is prone to multiple vulnerabilities.", "modified": "2020-05-13T00:00:00", "published": "2016-02-15T00:00:00", "id": "OPENVAS:1361412562310806869", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806869", "type": "openvas", "title": "Adobe Photoshop CC Multiple Vulnerabilities (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Photoshop CC Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Kashianth T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This 
program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806869\");\n script_version(\"2020-05-13T14:08:32+0000\");\n script_cve_id(\"CVE-2016-0951\", \"CVE-2016-0952\", \"CVE-2016-0953\");\n script_bugtraq_id(83114);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-13 14:08:32 +0000 (Wed, 13 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-02-15 13:37:52 +0530 (Mon, 15 Feb 2016)\");\n script_name(\"Adobe Photoshop CC Multiple Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Adobe Photoshop\n CC and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code or cause a denial of service\n (memory corruption) via unspecified vectors.\");\n\n script_tag(name:\"affected\", value:\"Adobe Photoshop CC 2014 before 15.2.4,\n Photoshop CC 2015 before 16.1.2 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Photoshop CC version\n 16.1.2 (2015.1.2) or 15.2.4 (2014.2.4) or later.\");\n\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/photoshop/apsb16-03.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_adobe_photoshop_detect.nasl\");\n script_mandatory_keys(\"Adobe/Photoshop/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:adobe:photoshop_cc2015\", \"cpe:/a:adobe:photoshop_cc2014\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"16.1.2\")) {\n fix = \"16.1.2 (2015.1.2)\";\n} else if(version_is_less(version:vers, test_version:\"15.2.4\")) {\n fix = \"15.2.4 (2014.2.4)\";\n}\n\nif(fix) {\n report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-17T14:25:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0953", "CVE-2016-0952", "CVE-2016-0951"], "description": "The host is installed with Adobe Bridge\n CC and is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2016-02-15T00:00:00", "id": "OPENVAS:1361412562310806871", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806871", "type": "openvas", "title": "Adobe Bridge CC Multiple Vulnerabilities Feb16", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Bridge CC Multiple Vulnerabilities Feb16\n#\n# Authors:\n# Kashianth T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright 
(C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:bridge_cc\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806871\");\n script_version(\"2019-07-05T08:56:43+0000\");\n script_cve_id(\"CVE-2016-0951\", \"CVE-2016-0952\", \"CVE-2016-0953\");\n script_bugtraq_id(83114);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 08:56:43 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-02-15 13:37:52 +0530 (Mon, 15 Feb 2016)\");\n script_name(\"Adobe Bridge CC Multiple Vulnerabilities Feb16\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Adobe Bridge\n CC and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws are due to memory\n corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to execute arbitrary code or cause a denial of service (memory\n corruption) via unspecified 
vectors.\");\n\n script_tag(name:\"affected\", value:\"Adobe Bridge CC before version 6.2 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Bridge CC 6.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/photoshop/apsb16-03.html\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_dependencies(\"gb_adobe_bridge_cc_detect.nasl\");\n script_mandatory_keys(\"Adobe/Bridge/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!prodVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:prodVer, test_version:\"6.2\"))\n{\n report = report_fixed_ver(installed_version:prodVer, fixed_version:\"6.2\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-02-01T03:42:59", "description": "The version of Adobe Bridge installed on the remote Mac OS X host is\nprior to 6.2. It is, therefore, affected by multiple unspecified\nmemory corruption issues due to improper validation of user-supplied\ninput. 
An unauthenticated, remote attacker can exploit these issues to\nexecute arbitrary code.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-12T00:00:00", "title": "Adobe Bridge CC < 6.2 Multiple Memory Corruption Vulnerabilities (APSB16-03) (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0953", "CVE-2016-0952", "CVE-2016-0951"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:adobe:bridge", "cpe:/a:adobe:bridge_cc"], "id": "MACOSX_ADOBE_BRIDGE_APSB16-03.NASL", "href": "https://www.tenable.com/plugins/nessus/88720", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88720);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2016-0951\", \"CVE-2016-0952\", \"CVE-2016-0953\");\n script_bugtraq_id(83114);\n\n script_name(english:\"Adobe Bridge CC < 6.2 Multiple Memory Corruption Vulnerabilities (APSB16-03) (Mac OS X)\");\n script_summary(english:\"Checks the Bridge version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is affected by\nmultiple memory corruption vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Bridge installed on the remote Mac OS X host is\nprior to 6.2. It is, therefore, affected by multiple unspecified\nmemory corruption issues due to improper validation of user-supplied\ninput. 
An unauthenticated, remote attacker can exploit these issues to\nexecute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/photoshop/apsb16-03.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Bridge CC version 6.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0953\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:bridge\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:bridge_cc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_bridge_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Bridge\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item('Host/MacOSX/Version');\nif (!os) audit(AUDIT_OS_NOT, 'Mac OS X');\n\nget_kb_item_or_exit(\"installed_sw/Adobe Bridge\");\n\napp = 'Adobe Bridge';\n\ninstall=get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nproduct = install['name'];\nif (\"CC\" >!< product)\n exit(0, \"Only Adobe Bridge CC is affected.\");\n\npath = install['path'];\nversion = install['version'];\n\n# version < 6.1.1 Vuln\nfix = '6.2';\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Product : ' + product +\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix;\n\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\naudit(AUDIT_INST_VER_NOT_VULN, app + \" CC\", version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T01:16:04", "description": "The version of Adobe Photoshop installed on the remote Windows host is\nprior to 15.2.4 (2014.2.4) or 16.1.2 (2015.1.2). It is, therefore,\naffected by multiple unspecified memory corruption issues due to\nimproper validation of user-supplied input. 
An unauthenticated, remote\nattacker can exploit these issues to execute arbitrary code.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-12T00:00:00", "title": "Adobe Photoshop CC < 15.2.4 / 16.1.2 Multiple Memory Corruption Vulnerabilities (APSB16-03)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0953", "CVE-2016-0952", "CVE-2016-0951"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:adobe:photoshop_cc", "cpe:/a:adobe:photoshop"], "id": "ADOBE_PHOTOSHOP_APSB16-03.NASL", "href": "https://www.tenable.com/plugins/nessus/88719", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88719);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2016-0951\", \"CVE-2016-0952\", \"CVE-2016-0953\");\n script_bugtraq_id(83114);\n\n script_name(english:\"Adobe Photoshop CC < 15.2.4 / 16.1.2 Multiple Memory Corruption Vulnerabilities (APSB16-03)\");\n script_summary(english:\"Checks the Photoshop version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is affected by\nmultiple memory corruption vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Photoshop installed on the remote Windows host is\nprior to 15.2.4 (2014.2.4) or 16.1.2 (2015.1.2). It is, therefore,\naffected by multiple unspecified memory corruption issues due to\nimproper validation of user-supplied input. 
An unauthenticated, remote\nattacker can exploit these issues to execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/photoshop/apsb16-03.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Photoshop CC version 15.2.4 (2014.2.4) / 16.1.2\n(2015.1.2) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0953\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:photoshop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:photoshop_cc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_photoshop_installed.nasl\");\n script_require_keys(\"installed_sw/Adobe Photoshop\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"installed_sw/Adobe Photoshop\");\n\napp_name = \"Adobe Photoshop\";\n\ninstall = get_single_install(app_name: app_name, exit_if_unknown_ver: TRUE);\n\nproduct_name = install['Product'];\nif (\"CC\" >!< product_name)\n exit(0, \"Only Adobe Photoshop CC is affected.\");\n\nver = install['version'];\npath = install['path'];\nver_ui = install['display_version'];\n\n# version < 15.2.4 Vuln\nif ( ver =~ '^15' )\n fix = '15.2.4';\n# 16.x < 16.1.2 Vuln\nif ( ver =~ '^16' )\n fix = '16.1.2';\n\nif (ver_compare(ver: ver, fix: fix, strict:FALSE) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (isnull(port)) port = 445;\n\n if (report_verbosity > 0)\n {\n report = '\\n Product : ' + product_name +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver_ui +\n '\\n Fixed version : ' + fix +\n '\\n';\n\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, ver_ui, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T03:43:01", "description": "The version of Adobe Photoshop installed on the remote Mac OS X host\nis prior to 15.2.4 (2014.2.4) or 16.1.2 (2015.1.2). It is, therefore,\naffected by multiple unspecified memory corruption issues due to\nimproper validation of user-supplied input. 
An unauthenticated, remote\nattacker can exploit these issues to execute arbitrary code.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-12T00:00:00", "title": "Adobe Photoshop CC < 15.2.4 / 16.1.2 Multiple Memory Corruption Vulnerabilities (APSB16-03) (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0953", "CVE-2016-0952", "CVE-2016-0951"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:adobe:photoshop_cc", "cpe:/a:adobe:photoshop"], "id": "MACOSX_ADOBE_PHOTOSHOP_APSB16-03.NASL", "href": "https://www.tenable.com/plugins/nessus/88721", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88721);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2016-0951\", \"CVE-2016-0952\", \"CVE-2016-0953\");\n script_bugtraq_id(83114);\n\n script_name(english:\"Adobe Photoshop CC < 15.2.4 / 16.1.2 Multiple Memory Corruption Vulnerabilities (APSB16-03) (Mac OS X)\");\n script_summary(english:\"Checks the Photoshop version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is affected by\nmultiple memory corruption vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Photoshop installed on the remote Mac OS X host\nis prior to 15.2.4 (2014.2.4) or 16.1.2 (2015.1.2). It is, therefore,\naffected by multiple unspecified memory corruption issues due to\nimproper validation of user-supplied input. 
An unauthenticated, remote\nattacker can exploit these issues to execute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/photoshop/apsb16-03.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Photoshop CC version 15.2.4 (2014.2.4) / 16.1.2\n(2015.1.2) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0953\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:photoshop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:photoshop_cc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_photoshop_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Photoshop\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item('Host/MacOSX/Version');\nif (!os) audit(AUDIT_OS_NOT, 'Mac OS X');\n\nget_kb_item_or_exit(\"installed_sw/Adobe Photoshop\");\n\napp = 'Adobe Photoshop';\n\ninstall=get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\n\nproduct = install['name'];\nif (\"CC\" >!< product)\n exit(0, \"Only Adobe Photoshop CC is affected.\");\n\npath = install['path'];\nversion = install['version'];\n\n# version < 15.2.4 Vuln\nif ( version =~ '^15' )\n fix = '15.2.4';\n# 16.x < 16.1.2 Vuln\nif ( version =~ '^16' )\n fix = '16.1.2';\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Product : ' + product +\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix;\n\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, app + \" CC\", version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T01:16:00", "description": "The version of Adobe Bridge installed on the remote Windows host is\nprior to 6.2. It is, therefore, affected by multiple unspecified\nmemory corruption issues due to improper validation of user-supplied\ninput. 
An unauthenticated, remote attacker can exploit these issues to\nexecute arbitrary code.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-02-12T00:00:00", "title": "Adobe Bridge CC < 6.2 Multiple Memory Corruption Vulnerabilities (APSB16-03)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0953", "CVE-2016-0952", "CVE-2016-0951"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:adobe:bridge", "cpe:/a:adobe:bridge_cc"], "id": "ADOBE_BRIDGE_APSB16-03.NASL", "href": "https://www.tenable.com/plugins/nessus/88718", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88718);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\"CVE-2016-0951\", \"CVE-2016-0952\", \"CVE-2016-0953\");\n script_bugtraq_id(83114);\n\n script_name(english:\"Adobe Bridge CC < 6.2 Multiple Memory Corruption Vulnerabilities (APSB16-03)\");\n script_summary(english:\"Checks the Bridge version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is affected by\nmultiple memory corruption vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Bridge installed on the remote Windows host is\nprior to 6.2. It is, therefore, affected by multiple unspecified\nmemory corruption issues due to improper validation of user-supplied\ninput. 
An unauthenticated, remote attacker can exploit these issues to\nexecute arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/photoshop/apsb16-03.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Bridge CC version 6.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0953\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:bridge\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:bridge_cc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_bridge_installed.nasl\");\n script_require_keys(\"installed_sw/Adobe Bridge\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nget_kb_item_or_exit(\"installed_sw/Adobe Bridge\");\n\napp_name = \"Adobe Bridge\";\n\ninstall = get_single_install(app_name: app_name, exit_if_unknown_ver: TRUE);\n\nproduct_name = install['Product'];\nif (\"CC\" >!< product_name)\n exit(0, \"Only Adobe Bridge CC is affected.\");\n\nver = install['version'];\npath = install['path'];\n\n# version < 6.1.1 Vuln\nfix = '6.2';\n\nif (ver_compare(ver: ver, fix: fix, strict:FALSE) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (isnull(port)) port = 445;\n\n if (report_verbosity > 0)\n {\n report = '\\n Product : ' + product_name +\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, ver, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}