bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/39430.txt
Offensive Security d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
2022-11-10 16:39:50 +00:00

69 lines
No EOL
2.2 KiB
Text
Raw Permalink Blame History

#####################################################################################
Application: Adobe Photoshop CC & Bridge CC PNG file parsing memory corruption
Platforms: Windows
Versions: Bridge CC 6.1.1 and earlier versions
Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions
CVE; 2016-0952
Author: Francis Provencher of COSIG
Twitter: @COSIG_
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
===============
1) Introduction
===============
Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.
(https://en.wikipedia.org/wiki/Adobe_Photoshop)
#####################################################################################
============================
2) Report Timeline
============================
2015-11-11: Francis Provencher from COSIG report the issue to PSIRT (ADOBE);
2016-02-09: Adobe release a patch (APSB16-03);
2016-02-09: COSIG release this advisory;
#####################################################################################
============================
3) Technical details
============================
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. By providing a malformed PNG file with an invialid uint32 CRC checksum, an attacker can cause an heap memory corruption. An attacker could leverage this to execute arbitrary code under the context of the application.
#####################################################################################
===========
4) POC
===========
(Theses files must be in the same folder for Bridge CC)
http://protekresearchlab.com/exploits/COSIG-2016-09-1.png
http://protekresearchlab.com/exploits/COSIG-2016-09-2.png
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39430.zip
###############################################################################
Reference in a new issue View git blame Copy permalink