Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption

vendor:

Photoshop CC & Bridge CC

by:

Francis Provencher

9,8

CVSS

CRITICAL

Memory Corruption

119

CWE

Product Name: Photoshop CC & Bridge CC

Affected Version From: Bridge CC 6.1.1 and earlier versions, Photoshop CC 16.1.1 (2015.1.1) and earlier versions

Affected Version To: Bridge CC 6.1.1 and earlier versions, Photoshop CC 16.1.1 (2015.1.1) and earlier versions

Patch Exists: Yes

Related CWE: CVE-2016-0952

CPE: a:adobe:photoshop_cc

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2016

Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed PNG file with an invialid uint32 CRC checksum, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.

Mitigation:

Adobe released a patch (APSB16-03) to address this vulnerability.

Source

Exploit-DB raw data:

#####################################################################################

Application: Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption

Platforms: Windows

Versions: Bridge CC 6.1.1 and earlier versions

Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions

CVE; 2016-0952

Author: Francis Provencher of COSIG

Twitter: @COSIG_

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============

Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.

(https://en.wikipedia.org/wiki/Adobe_Photoshop)

#####################################################################################

============================
2) Report Timeline
============================

2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);

2016-02-09: Adobe release a patch (APSB16-03);

2016-02-09: COSIG release this advisory;

#####################################################################################

============================
3) Technical details
============================

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed PNG file with an invialid uint32 CRC checksum, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.

#####################################################################################

===========

4) POC

===========

(Theses files must be in the same folder for Bridge CC)

http://protekresearchlab.com/exploits/COSIG-2016-09-1.png
http://protekresearchlab.com/exploits/COSIG-2016-09-2.png

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39430.zip

###############################################################################