certfr_avis - CERTA-2010-AVI-230

CERTA-2010-AVI-230

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans l'ouverture de certains fichiers par Adobe Photoshop CS4 permet à un utilisateur malveillant d'exécuter du code arbitraire.

Description

Adobe Photoshop CS4 présente une vulnérabilité lors de l'ouverture de fichiers malformés aux formats Photoshop ASL (style d'image), ABR (configuration pour les outils) ou GRD (gradient ou texture). L'exploitation de cette vulnérabilité permet à l'attaquant de prendre le contrôle complet du système vulnérable.

La version Adobe Photoshop CS5 ne présente pas ces vulnérabilité.

Solution

La version CS4 11.0.2 remédie à ces problèmes.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Photoshop CS4 11.x pour Windows et pour MacOS X.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CVE-2010-1296 (GCVE-0-2010-1296)

Vulnerability from cvelistv5 – Published: 2010-05-27 19:00 – Updated: 2024-08-07 01:21

Summary

Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.

Severity ?

No CVSS data available.

CWE

Assigner

adobe

References

URL

Tags

	http://www.zeroscience.mk/en/vulnerabilities/ZSL-…	x_refsource_MISC
	http://www.zeroscience.mk/codes/psgradient_bof.txt	x_refsource_MISC
	http://www.zeroscience.mk/codes/psstyle_bof.txt	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.exploit-db.com/exploits/12752	exploitx_refsource_EXPLOIT-DB
	http://www.securitytracker.com/id?1024042	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/40389	vdb-entryx_refsource_BID
	http://www.exploit-db.com/exploits/12753	exploitx_refsource_EXPLOIT-DB
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://www.exploit-db.com/exploits/12751	exploitx_refsource_EXPLOIT-DB
	http://www.zeroscience.mk/en/vulnerabilities/ZSL-…	x_refsource_MISC
	http://www.zeroscience.mk/en/vulnerabilities/ZSL-…	x_refsource_MISC
	http://www.zeroscience.mk/codes/psbrush_bof.txt	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:21:18.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/codes/psgradient_bof.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/codes/psstyle_bof.txt"
          },
          {
            "name": "photoshopcs4-multiple-code-execution(58888)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58888"
          },
          {
            "name": "12752",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/12752"
          },
          {
            "name": "1024042",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024042"
          },
          {
            "name": "40389",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40389"
          },
          {
            "name": "12753",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/12753"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-13.html"
          },
          {
            "name": "12751",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/12751"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/codes/psbrush_bof.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/codes/psgradient_bof.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/codes/psstyle_bof.txt"
        },
        {
          "name": "photoshopcs4-multiple-code-execution(58888)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58888"
        },
        {
          "name": "12752",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/12752"
        },
        {
          "name": "1024042",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024042"
        },
        {
          "name": "40389",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40389"
        },
        {
          "name": "12753",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/12753"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb10-13.html"
        },
        {
          "name": "12751",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/12751"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/codes/psbrush_bof.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-1296",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php"
            },
            {
              "name": "http://www.zeroscience.mk/codes/psgradient_bof.txt",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/codes/psgradient_bof.txt"
            },
            {
              "name": "http://www.zeroscience.mk/codes/psstyle_bof.txt",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/codes/psstyle_bof.txt"
            },
            {
              "name": "photoshopcs4-multiple-code-execution(58888)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58888"
            },
            {
              "name": "12752",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/12752"
            },
            {
              "name": "1024042",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024042"
            },
            {
              "name": "40389",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40389"
            },
            {
              "name": "12753",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/12753"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-13.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-13.html"
            },
            {
              "name": "12751",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/12751"
            },
            {
              "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php"
            },
            {
              "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php"
            },
            {
              "name": "http://www.zeroscience.mk/codes/psbrush_bof.txt",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/codes/psbrush_bof.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2010-1296",
    "datePublished": "2010-05-27T19:00:00",
    "dateReserved": "2010-04-06T00:00:00",
    "dateUpdated": "2024-08-07T01:21:18.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted