Adobe Photoshop CC & Bridge CC IFF file parsing memory corruption

vendor:

Photoshop CC & Bridge CC

by:

Francis Provencher

9,8

CVSS

CRITICAL

Memory Corruption

119

CWE

Product Name: Photoshop CC & Bridge CC

Affected Version From: Bridge CC 6.1.1 and earlier versions

Affected Version To: Photoshop CC 16.1.1 (2015.1.1) and earlier versions

Patch Exists: YES

Related CWE: CVE-2016-0953

CPE: a:adobe:photoshop_cc

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2016

Adobe Photoshop CC & Bridge CC IFF file parsing memory corruption

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed IFF file, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.

Mitigation:

Adobe released a patch (APSB16-03) to address this vulnerability.

Source

Exploit-DB raw data:

#####################################################################################

Application: Adobe Photoshop CC & Bridge CC IFF file parsing memory corruption

Platforms: Windows

Versions: Bridge CC 6.1.1 and earlier versions

Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions

CVE; 2016-0953

Author: Francis Provencher of COSIG

Twitter: @COSIG_

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============

Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.

(https://en.wikipedia.org/wiki/Adobe_Photoshop)

#####################################################################################

============================
2) Report Timeline
============================

2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);

2016-02-09: Adobe release a patch (APSB16-03);

2016-02-09: COSIG release this advisory;

#####################################################################################

============================
3) Technical details
============================

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed IFF file, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.

#####################################################################################

===========

4) POC

===========

http://protekresearchlab.com/exploits/COSIG-2016-10.iff

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39431.zip

###############################################################################