Multiple Image Editing Applications .PNG Format Handling Remote Buffer Overflow Vulnerability
BID:23698
Info
| Bugtraq ID: | 23698 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-2365, CVE-2007-2366 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 28 2007 12:00AM |
| Updated: | Nov 05 2008 04:15PM |
| Credit: | Marsu is credited with the discovery of this issue. |
| Vulnerable: | Corel Paint Shop Pro Photo 11.20; Adobe Photoshop Elements 5.0; Adobe Photoshop CS3; Adobe Photoshop CS2; Adobe Illustrator CS3; Adobe GoLive 9 |
| Not Vulnerable: | |
Discussion
Multiple image editors are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successful exploits allow remote attackers to execute arbitrary machine code in the context of a vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.
The following are vulnerable:
- Adobe Photoshop CS2, CS3, and Elements 5.0
- Corel Paint Shop Pro 11.20
Other versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to view a maliciously crafted PNG file.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following example exploit is available:
Solution / Fix
Solution:
Updates are available to address this issue. Please see the referenced advisories for more information.

Adobe Illustrator CS3
- Adobe ai_security_update.dmg
  http://www.adobe.com/support/security/bulletins/downloads/ai_security_update.dmg
- Adobe ai_security_update.zip
  http://www.adobe.com/support/security/bulletins/downloads/ai_security_update.zip

Adobe GoLive 9
- Adobe gl_security_update.dmg
  http://www.adobe.com/support/security/bulletins/downloads/gl_security_update.dmg
- Adobe gl_security_update.zip
  http://www.adobe.com/support/security/bulletins/downloads/gl_security_update.zip

Adobe Photoshop CS3
- Adobe patcher_application.dmg (CS3 Update for Macintosh)
  http://download.macromedia.com/pub/security/bulletins/apsb07-13/mac/patcher_application.dmg
- Adobe patcher_application.zip (CS3 Update for Windows)
  http://download.macromedia.com/pub/security/bulletins/apsb07-13/win/patcher_application.zip
References
References:
- Adobe Photoshop Homepage (Adobe)
- Paint Shop Homepage (Corel)
- APSB07-13: Photoshop CS2 and CS3 updates to address security vulnerabilities (Adobe)
- APSB07-16 Illustrator CS3 update to address potential security vulnerabilities (Adobe)
- APSB07-17 GoLive 9 update to address potential security vulnerabilities (Adobe)