Adobe Photoshop '.tiff' File Use After Free Memory Corruption Vulnerability

Bugtraq ID:	52634
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 20 2012 12:00AM
Updated:	Mar 20 2012 12:00AM
Credit:	Francis Provencher of Protek Research Lab.
Vulnerable:	Adobe Photoshop CS5.1
Not Vulnerable:

Adobe Photoshop '.tiff' File Use After Free Memory Corruption Vulnerability

Adobe Photoshop is prone to a use-after-free memory-corruption vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the user running the affected application.

Adobe Photoshop CS5.1 (version 12.1) is vulnerable; other versions may also be affected.

Adobe Photoshop '.tiff' File Use After Free Memory Corruption Vulnerability

A proof of concept file is available. Please see the references for information.

Adobe Photoshop '.tiff' File Use After Free Memory Corruption Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

Adobe Photoshop '.tiff' File Use After Free Memory Corruption Vulnerability

References:

• Adobe Photoshop 12.1 Tiff Parsing Use-After-Free (Protek Research Lab)
  
• Adobe Photoshop Homepage (Adobe)
  
• APSB12-11:Security Bulletin for Adobe Photoshop (Adobe)