Adobe Photoshop CVE-2012-2028 Remote Buffer Overflow Vulnerability

Bugtraq ID:	53421
Class:	Boundary Condition Error
CVE:	CVE-2012-2028
Remote:	Yes
Local:	No
Published:	May 08 2012 12:00AM
Updated:	May 09 2012 07:40AM
Credit:	nine8 of Code Audit Labs of vulnhunt.com
Vulnerable:	Adobe Photoshop EXTENDED CS5.1 12.1 Adobe Photoshop EXTENDED CS5 12.0 Adobe Photoshop CS5.5 0 Adobe PhotoShop CS5 12.0.4 Adobe PhotoShop CS5 12.0.3 Adobe PhotoShop CS5 12.0.2 Adobe PhotoShop CS5 12.0.1 Adobe Photoshop CS5.1 Adobe Photoshop CS5
Not Vulnerable:	Adobe Photoshop CS6 0

Adobe Photoshop CVE-2012-2028 Remote Buffer Overflow Vulnerability

Adobe Photoshop is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Successful exploits will compromise the affected application and possibly the underlying computer. Failed exploit attempts may cause a denial-of-service condition.

Adobe Photoshop CS5.5 and prior versions are vulnerable.

Adobe Photoshop CVE-2012-2028 Remote Buffer Overflow Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Adobe Photoshop CVE-2012-2028 Remote Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references for details.

Adobe Photoshop CVE-2012-2028 Remote Buffer Overflow Vulnerability

References:

• [CAL-2011-0073]Adobe Photoshop parsing TIF heap buffer overflow vulnerability (VulnHunt)
  
• Adobe Photoshop Homepage (Adobe)
  
• APSB12-11:Security Bulletin for Adobe Photoshop (Adobe)