Lucene search
Francis Provencher1337DAY-ID-25820HistoryFeb 09, 2016 - 12:00 a.m.
Adobe Photoshop CC & Bridge CC - '.iff' File Parsing Memory Corruption
2016-02-0900:00:00
Francis Provencher
0day.today
19
EPSS
0.016
Percentile
87.6%
Exploit for windows platform in category dos / poc
#####################################################################################
Application: Adobe Photoshop CC & Bridge CC IFF file parsing memory corruption
Platforms: Windows
Versions: Bridge CC 6.1.1 and earlier versions
Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions
CVE; 2016-0953
Author: Francis Provencher of COSIG
Twitter: @COSIG_
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
===============
1) Introduction
===============
Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.
(https://en.wikipedia.org/wiki/Adobe_Photoshop)
#####################################################################################
============================
2) Report Timeline
============================
2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);
2016-02-09: Adobe release a patch (APSB16-03);
2016-02-09: COSIG release this advisory;
#####################################################################################
============================
3) Technical details
============================
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed IFF file, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.
#####################################################################################
===========
4) POC
===========
http://protekresearchlab.com/exploits/COSIG-2016-10.iff
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39431.zip
###############################################################################
# 0day.today [2018-04-08] #Related
prion
prion
Memory corruption
2016-02-10 20:59:00
Memory corruption
2016-02-10 20:59:00
Memory corruption
2016-02-10 20:59:00
cvelist
cvelist
openvas
openvas
Adobe Photoshop CC Multiple Vulnerabilities - Windows
2016-02-15 00:00:00
Adobe Bridge CC Multiple Vulnerabilities (Feb 2016)
2016-02-15 00:00:00
nvd
nvd
adobe
adobe
APSB16-03 Security updates available for Adobe Photoshop CC and Bridge CC
2016-02-09 00:00:00
nessus
nessus
Adobe Bridge CC < 6.2 Multiple Memory Corruption Vulnerabilities (APSB16-03) (Mac OS X)
2016-02-12 00:00:00
Adobe Photoshop CC < 15.2.4 / 16.1.2 Multiple Memory Corruption Vulnerabilities (APSB16-03) (Mac OS X)
2016-02-12 00:00:00
Adobe Bridge CC < 6.2 Multiple Memory Corruption Vulnerabilities (APSB16-03)
2016-02-12 00:00:00
cve
cve