OSVDB ID: 81832

Title: Adobe Photoshop U3D.8bi Plugin Collada (.dae) Asset Element Handling Remote Overflow

Info

Disclosure

May 10, 2012

Discovery

Unknown

Dates

Exploit

May 10, 2012

Solution

Unknown

Description

Adobe Photoshop is prone to an overflow condition. The U3D.8bi plugin fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted Collada (.dae) asset element, a context-dependent attacker can potentially execute arbitrary.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Coordinated Disclosure

Solution

Upgrade to version CS6 or higher, as the researcher has reported that they were unable to reproduce the vulnerability on CS6, despite the vendor not mentioning it in changelogs.. An upgrade is required as there are no known workarounds.

Products

Adobe Systems Incorporated

Photoshop

CS5.1

References

Security Tracker: 1027063
Exploit Database: 18862
CVE ID: 2012-2052 (see also: NVD)
Secunia Advisory ID: 49160
Other Advisory URL: http://retrogod.altervista.org/9sg_photoshock_adv.htm
Generic Exploit URL: http://retrogod.altervista.org/9sg_photoshock_u3d.htm
Mail List Post: http://seclists.org/bugtraq/2012/May/58

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/81832