Adobe Photoshop U3D.8BI Library Collada Asset Elements Handling

2012-05-30T00:00:00
ID SAINT:93E0062E9E77B136B4CF5214D7344CE4
Type saint
Reporter SAINT Corporation
Modified 2012-05-30T00:00:00

Description

Added: 05/30/2012
BID: 53464
OSVDB: 81832

Background

Adobe Photoshop is an application for editing digital images.

Problem

Adobe Photoshop 12.1 in Creative Suite (CS) 5.1 (20110328.r.145) is vulnerable to a stack-based buffer overflow that could be exploited to perform arbitrary remote code execution. The vulnerability is due to a boundary error in the U3D.8BI plug-in when processing Collada file (.dae) asset elements.

Resolution

Upgrade to Adobe Photoshop CS6.

References

<http://retrogod.altervista.org/9sg_photoshock_adv.htm>
<http://secunia.com/advisories/49160/>

Limitations

This exploit has been tested with Adobe Systems Photoshop CS5.1 12.1 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).

The user must open the exploit file in Adobe Photoshop.

Platforms

Windows