Adobe Photoshop < CS5 / CS5.1 Multiple Arbitrary Code Execution Vulnerabilities (APSB12-11)

high Nessus プラグイン ID 59172

Language:

概要

リモートホストに、複数の任意のコード実行の脆弱性の影響を受けるアプリケーションがインストールされています。

説明

The version of Adobe Photoshop installed on the remote Windows host is prior to CS5 (12.0.5) or CS5.1 (12.1.1). It is, therefore, multiple arbitrary code execution vulnerabilities :

- Multiple heap-based buffer overflow conditions exist due to a failure to properly sanitize user-supplied input when decompressing and handling TIFF image files. An unauthenticated, remote attacker can exploit these issues, by convincing a user to open a specially crafted TIFF image file, to execute arbitrary code.
(CVE-2012-2027, CVE-2012-2028)

- A buffer overflow condition exists in the U3D.8bi plugin due to a failure to properly sanitize user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to open a file containing a specially crafted Collada (.dae) asset element, to execute arbitrary code. (CVE-2012-2052)

- A heap-based buffer overflow condition exists in photoshop.exe due to a failure to properly sanitize user-supplied input when decompressing a SGI24LogLum compressed TIFF image. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted TIFF image file, to execute arbitrary code. (CVE-2012-0275)