Adobe Photoshop CC 2014 & Bridge CC 2014 Vulnerability

vendor:

Photoshop CC 2014 and Bridge CC 2014

by:

Francis Provencher

8.8

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Photoshop CC 2014 and Bridge CC 2014

Affected Version From: Photoshop CC 2014 and Bridge CC 2014

Affected Version To: Photoshop CC 2014 and Bridge CC 2014

Patch Exists: YES

Related CWE: N/A

CPE: a:adobe:photoshop_cc_2014

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2015

Adobe Photoshop CC 2014 & Bridge CC 2014 Vulnerability

A buffer overflow vulnerability was discovered in Adobe Photoshop CC 2014 and Bridge CC 2014. The vulnerability is caused due to a boundary error when processing user-supplied data. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted file. Successful exploitation may allow execution of arbitrary code.

Mitigation:

Adobe released a patch to address this vulnerability.

Source

Exploit-DB raw data:

#####################################################################################

Application:   Adobe Photoshop CC 2014 & Bridge CC 2014

Platforms:   Windows

Versions:   The vulnerability is confirmed in version Photoshop CC 2014 and Bridge CC 2014.

Secunia:

{PRL}:   2015-08

Author:   Francis Provencher (Protek Research Lab’s)

Website:   http://www.protekresearchlab.com/

Twitter:   @ProtekResearch

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============

Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.

Photoshop was created in 1988 by Thomas and John Knoll. Since then, it has become the de facto industry standard in raster graphics editing, such that the word “photoshop” has become a verb as in “to photoshop an image,” “photoshopping,” and “photoshop contest,” etc. It can edit and compose raster images in multiple layers and supports masks, alpha compositing and several colour models including RGB,CMYK, Lab colour space (with capital L), spot colour and duotone. Photoshop has vast support for graphic file formats but also uses its own PSD and PSB file formats which support all the aforementioned features. In addition to raster graphics, it has limited abilities to edit or render text, vector graphics (especially through clipping path), 3D graphics and video. Photoshop’s featureset can be expanded by Photoshop plug-ins, programs developed and distributed independently of Photoshop that can run inside it and offer new or enhanced features.

(https://en.wikipedia.org/wiki/Adobe_Photoshop)

#####################################################################################

============================
2) Report Timeline
============================

2015-03-15: Francis Provencher from Protek Research Lab’s found the issue;
2015-03-19: Francis Provencher From Protek Research Lab’s report vulnerability to PSIRT;
2015-05-16: Adobe release a patch (APSB15-12)

#####################################################################################

============================
3) Technical details
============================

An error in the the PNG parser, could lead to a memory corruption when processing a crafted PNG image with an oversize value in the “Length” into the “CHUNK” Structure.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires

tricking a user into opening or previewing a malicious file.

#####################################################################################

===========

4) POC

===========

http://protekresearchlab.com/exploits/PRL-2015-08.png
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/37348.png

###############################################################################