cvelistv5 - cve-2010-1296

CVE-2010-1296 (GCVE-0-2010-1296)

Vulnerability from cvelistv5 – Published: 2010-05-27 19:00 – Updated: 2024-08-07 01:21

Summary

Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.

Severity ?

No CVSS data available.

CWE

Assigner

adobe

References

URL

Tags

	http://www.zeroscience.mk/en/vulnerabilities/ZSL-…	x_refsource_MISC
	http://www.zeroscience.mk/codes/psgradient_bof.txt	x_refsource_MISC
	http://www.zeroscience.mk/codes/psstyle_bof.txt	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.exploit-db.com/exploits/12752	exploitx_refsource_EXPLOIT-DB
	http://www.securitytracker.com/id?1024042	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/40389	vdb-entryx_refsource_BID
	http://www.exploit-db.com/exploits/12753	exploitx_refsource_EXPLOIT-DB
	http://www.adobe.com/support/security/bulletins/a…	x_refsource_CONFIRM
	http://www.exploit-db.com/exploits/12751	exploitx_refsource_EXPLOIT-DB
	http://www.zeroscience.mk/en/vulnerabilities/ZSL-…	x_refsource_MISC
	http://www.zeroscience.mk/en/vulnerabilities/ZSL-…	x_refsource_MISC
	http://www.zeroscience.mk/codes/psbrush_bof.txt	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:21:18.303Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/codes/psgradient_bof.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/codes/psstyle_bof.txt"
          },
          {
            "name": "photoshopcs4-multiple-code-execution(58888)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58888"
          },
          {
            "name": "12752",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/12752"
          },
          {
            "name": "1024042",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024042"
          },
          {
            "name": "40389",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40389"
          },
          {
            "name": "12753",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/12753"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-13.html"
          },
          {
            "name": "12751",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/12751"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/codes/psbrush_bof.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/codes/psgradient_bof.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/codes/psstyle_bof.txt"
        },
        {
          "name": "photoshopcs4-multiple-code-execution(58888)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58888"
        },
        {
          "name": "12752",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/12752"
        },
        {
          "name": "1024042",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024042"
        },
        {
          "name": "40389",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40389"
        },
        {
          "name": "12753",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/12753"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb10-13.html"
        },
        {
          "name": "12751",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/12751"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/codes/psbrush_bof.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-1296",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php"
            },
            {
              "name": "http://www.zeroscience.mk/codes/psgradient_bof.txt",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/codes/psgradient_bof.txt"
            },
            {
              "name": "http://www.zeroscience.mk/codes/psstyle_bof.txt",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/codes/psstyle_bof.txt"
            },
            {
              "name": "photoshopcs4-multiple-code-execution(58888)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58888"
            },
            {
              "name": "12752",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/12752"
            },
            {
              "name": "1024042",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024042"
            },
            {
              "name": "40389",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40389"
            },
            {
              "name": "12753",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/12753"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-13.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-13.html"
            },
            {
              "name": "12751",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/12751"
            },
            {
              "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php"
            },
            {
              "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php"
            },
            {
              "name": "http://www.zeroscience.mk/codes/psbrush_bof.txt",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/codes/psbrush_bof.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2010-1296",
    "datePublished": "2010-05-27T19:00:00",
    "dateReserved": "2010-04-06T00:00:00",
    "dateUpdated": "2024-08-07T01:21:18.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:photoshop_cs4:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"11.0.1\", \"matchCriteriaId\": \"64ABCBA5-04E0-454E-B7C8-D4DA7C52AB6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:photoshop_cs4:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75F5536F-4E8B-4352-B2C7-2F4C46C8C276\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamiento de b\\u00fafer en Adobe Photoshop CS4 anterior a v11.0.2 permite a atacantes asistidos por el usuario ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de un fichero manipulado (1) .ASL, (2) .ABR, o (3) .GRD\"}]",
      "id": "CVE-2010-1296",
      "lastModified": "2024-11-21T01:14:04.477",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-05-27T19:30:01.657",
      "references": "[{\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-13.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.exploit-db.com/exploits/12751\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.exploit-db.com/exploits/12752\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.exploit-db.com/exploits/12753\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.securityfocus.com/bid/40389\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1024042\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.zeroscience.mk/codes/psbrush_bof.txt\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.zeroscience.mk/codes/psgradient_bof.txt\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.zeroscience.mk/codes/psstyle_bof.txt\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/58888\", \"source\": \"psirt@adobe.com\"}, {\"url\": \"http://www.adobe.com/support/security/bulletins/apsb10-13.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.exploit-db.com/exploits/12751\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.exploit-db.com/exploits/12752\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.exploit-db.com/exploits/12753\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/40389\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1024042\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.zeroscience.mk/codes/psbrush_bof.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.zeroscience.mk/codes/psgradient_bof.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.zeroscience.mk/codes/psstyle_bof.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/58888\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-1296\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2010-05-27T19:30:01.657\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamiento de b\u00fafer en Adobe Photoshop CS4 anterior a v11.0.2 permite a atacantes asistidos por el usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero manipulado (1) .ASL, (2) .ABR, o (3) .GRD\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:photoshop_cs4:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.0.1\",\"matchCriteriaId\":\"64ABCBA5-04E0-454E-B7C8-D4DA7C52AB6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:photoshop_cs4:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75F5536F-4E8B-4352-B2C7-2F4C46C8C276\"}]}]}],\"references\":[{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-13.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/12751\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.exploit-db.com/exploits/12752\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.exploit-db.com/exploits/12753\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securityfocus.com/bid/40389\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1024042\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.zeroscience.mk/codes/psbrush_bof.txt\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.zeroscience.mk/codes/psgradient_bof.txt\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.zeroscience.mk/codes/psstyle_bof.txt\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/58888\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb10-13.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/12751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/12752\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.exploit-db.com/exploits/12753\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/40389\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1024042\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.zeroscience.mk/codes/psbrush_bof.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.zeroscience.mk/codes/psgradient_bof.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.zeroscience.mk/codes/psstyle_bof.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/58888\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2010-1296

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.

Aliases

CVE-2010-1296

Aliases

CVE-2010-1296

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-1296",
    "description": "Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.",
    "id": "GSD-2010-1296",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2010-1296"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-1296"
      ],
      "details": "Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.",
      "id": "GSD-2010-1296",
      "modified": "2023-12-13T01:21:32.151165Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2010-1296",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php",
            "refsource": "MISC",
            "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php"
          },
          {
            "name": "http://www.zeroscience.mk/codes/psgradient_bof.txt",
            "refsource": "MISC",
            "url": "http://www.zeroscience.mk/codes/psgradient_bof.txt"
          },
          {
            "name": "http://www.zeroscience.mk/codes/psstyle_bof.txt",
            "refsource": "MISC",
            "url": "http://www.zeroscience.mk/codes/psstyle_bof.txt"
          },
          {
            "name": "photoshopcs4-multiple-code-execution(58888)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58888"
          },
          {
            "name": "12752",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/12752"
          },
          {
            "name": "1024042",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1024042"
          },
          {
            "name": "40389",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/40389"
          },
          {
            "name": "12753",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/12753"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb10-13.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb10-13.html"
          },
          {
            "name": "12751",
            "refsource": "EXPLOIT-DB",
            "url": "http://www.exploit-db.com/exploits/12751"
          },
          {
            "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php",
            "refsource": "MISC",
            "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php"
          },
          {
            "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php",
            "refsource": "MISC",
            "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php"
          },
          {
            "name": "http://www.zeroscience.mk/codes/psbrush_bof.txt",
            "refsource": "MISC",
            "url": "http://www.zeroscience.mk/codes/psbrush_bof.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:adobe:photoshop_cs4:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:adobe:photoshop_cs4:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2010-1296"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zeroscience.mk/codes/psbrush_bof.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.zeroscience.mk/codes/psbrush_bof.txt"
            },
            {
              "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php"
            },
            {
              "name": "40389",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/40389"
            },
            {
              "name": "http://www.zeroscience.mk/codes/psgradient_bof.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.zeroscience.mk/codes/psgradient_bof.txt"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb10-13.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.adobe.com/support/security/bulletins/apsb10-13.html"
            },
            {
              "name": "http://www.zeroscience.mk/codes/psstyle_bof.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.zeroscience.mk/codes/psstyle_bof.txt"
            },
            {
              "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php"
            },
            {
              "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php"
            },
            {
              "name": "1024042",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024042"
            },
            {
              "name": "12751",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "http://www.exploit-db.com/exploits/12751"
            },
            {
              "name": "12752",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "http://www.exploit-db.com/exploits/12752"
            },
            {
              "name": "12753",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "http://www.exploit-db.com/exploits/12753"
            },
            {
              "name": "photoshopcs4-multiple-code-execution(58888)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58888"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-17T01:32Z",
      "publishedDate": "2010-05-27T19:30Z"
    }
  }
}

FKIE_CVE-2010-1296

Vulnerability from fkie_nvd - Published: 2010-05-27 19:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.

References

URL	Tags
psirt@adobe.com	http://www.adobe.com/support/security/bulletins/apsb10-13.html	Patch, Vendor Advisory
psirt@adobe.com	http://www.exploit-db.com/exploits/12751
psirt@adobe.com	http://www.exploit-db.com/exploits/12752
psirt@adobe.com	http://www.exploit-db.com/exploits/12753
psirt@adobe.com	http://www.securityfocus.com/bid/40389	Exploit
psirt@adobe.com	http://www.securitytracker.com/id?1024042
psirt@adobe.com	http://www.zeroscience.mk/codes/psbrush_bof.txt	Exploit
psirt@adobe.com	http://www.zeroscience.mk/codes/psgradient_bof.txt	Exploit
psirt@adobe.com	http://www.zeroscience.mk/codes/psstyle_bof.txt	Exploit
psirt@adobe.com	http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php	Exploit
psirt@adobe.com	http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php	Exploit
psirt@adobe.com	http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php	Exploit
psirt@adobe.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/58888
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb10-13.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/12751
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/12752
af854a3a-2127-422b-91ae-364da2661108	http://www.exploit-db.com/exploits/12753
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/40389	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024042
af854a3a-2127-422b-91ae-364da2661108	http://www.zeroscience.mk/codes/psbrush_bof.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.zeroscience.mk/codes/psgradient_bof.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.zeroscience.mk/codes/psstyle_bof.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/58888

Impacted products

	Vendor	Product	Version
	adobe	photoshop_cs4	*
	adobe	photoshop_cs4	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:photoshop_cs4:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64ABCBA5-04E0-454E-B7C8-D4DA7C52AB6B",
              "versionEndIncluding": "11.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:photoshop_cs4:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "75F5536F-4E8B-4352-B2C7-2F4C46C8C276",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamiento de b\u00fafer en Adobe Photoshop CS4 anterior a v11.0.2 permite a atacantes asistidos por el usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un fichero manipulado (1) .ASL, (2) .ABR, o (3) .GRD"
    }
  ],
  "id": "CVE-2010-1296",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-05-27T19:30:01.657",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-13.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.exploit-db.com/exploits/12751"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.exploit-db.com/exploits/12752"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.exploit-db.com/exploits/12753"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/40389"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id?1024042"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.zeroscience.mk/codes/psbrush_bof.txt"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.zeroscience.mk/codes/psgradient_bof.txt"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.zeroscience.mk/codes/psstyle_bof.txt"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/12751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/12752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/12753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/40389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.zeroscience.mk/codes/psbrush_bof.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.zeroscience.mk/codes/psgradient_bof.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.zeroscience.mk/codes/psstyle_bof.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58888"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2010-AVI-230

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans l'ouverture de certains fichiers par Adobe Photoshop CS4 permet à un utilisateur malveillant d'exécuter du code arbitraire.

Description

Adobe Photoshop CS4 présente une vulnérabilité lors de l'ouverture de fichiers malformés aux formats Photoshop ASL (style d'image), ABR (configuration pour les outils) ou GRD (gradient ou texture). L'exploitation de cette vulnérabilité permet à l'attaquant de prendre le contrôle complet du système vulnérable.

La version Adobe Photoshop CS5 ne présente pas ces vulnérabilité.

Solution

La version CS4 11.0.2 remédie à ces problèmes.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Photoshop CS4 11.x pour Windows et pour MacOS X.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb10-13 du 26 mai 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eAdobe Photoshop CS4 11.x pour Windows  et pour MacOS X.\u003c/p\u003e",
  "content": "## Description\n\nAdobe Photoshop CS4 pr\u00e9sente une vuln\u00e9rabilit\u00e9 lors de l\u0027ouverture de\nfichiers malform\u00e9s aux formats Photoshop ASL (style d\u0027image), ABR\n(configuration pour les outils) ou GRD (gradient ou texture).\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet \u00e0 l\u0027attaquant de prendre le\ncontr\u00f4le complet du syst\u00e8me vuln\u00e9rable.\n\nLa version Adobe Photoshop CS5 ne pr\u00e9sente pas ces vuln\u00e9rabilit\u00e9.\n\n## Solution\n\nLa version CS4 11.0.2 rem\u00e9die \u00e0 ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1296"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-230",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans l\u0027ouverture de certains fichiers par Adobe\nPhotoshop CS4 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Photoshop",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb10-13 du 26 mai 2010",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-13.html"
    }
  ]
}

CERTA-2010-AVI-230

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans l'ouverture de certains fichiers par Adobe Photoshop CS4 permet à un utilisateur malveillant d'exécuter du code arbitraire.

Description

La version Adobe Photoshop CS5 ne présente pas ces vulnérabilité.

Solution

La version CS4 11.0.2 remédie à ces problèmes.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Photoshop CS4 11.x pour Windows et pour MacOS X.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb10-13 du 26 mai 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eAdobe Photoshop CS4 11.x pour Windows  et pour MacOS X.\u003c/p\u003e",
  "content": "## Description\n\nAdobe Photoshop CS4 pr\u00e9sente une vuln\u00e9rabilit\u00e9 lors de l\u0027ouverture de\nfichiers malform\u00e9s aux formats Photoshop ASL (style d\u0027image), ABR\n(configuration pour les outils) ou GRD (gradient ou texture).\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet \u00e0 l\u0027attaquant de prendre le\ncontr\u00f4le complet du syst\u00e8me vuln\u00e9rable.\n\nLa version Adobe Photoshop CS5 ne pr\u00e9sente pas ces vuln\u00e9rabilit\u00e9.\n\n## Solution\n\nLa version CS4 11.0.2 rem\u00e9die \u00e0 ces probl\u00e8mes.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-1296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1296"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-230",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-05-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans l\u0027ouverture de certains fichiers par Adobe\nPhotoshop CS4 permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Photoshop",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb10-13 du 26 mai 2010",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-13.html"
    }
  ]
}

GHSA-8X83-5PH9-F7W9

Vulnerability from github – Published: 2022-05-02 06:21 – Updated: 2022-05-02 06:21

Details

Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-1296"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-05-27T19:30:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.",
  "id": "GHSA-8x83-5ph9-f7w9",
  "modified": "2022-05-02T06:21:10Z",
  "published": "2022-05-02T06:21:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1296"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58888"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb10-13.html"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/12751"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/12752"
    },
    {
      "type": "WEB",
      "url": "http://www.exploit-db.com/exploits/12753"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/40389"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024042"
    },
    {
      "type": "WEB",
      "url": "http://www.zeroscience.mk/codes/psbrush_bof.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.zeroscience.mk/codes/psgradient_bof.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.zeroscience.mk/codes/psstyle_bof.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php"
    },
    {
      "type": "WEB",
      "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php"
    },
    {
      "type": "WEB",
      "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-1296 (GCVE-0-2010-1296)

GSD-2010-1296

FKIE_CVE-2010-1296

CERTA-2010-AVI-230

Description

Solution

CERTA-2010-AVI-230

Description

Solution

GHSA-8X83-5PH9-F7W9

Tags

Sightings

Nomenclature