OSVDB ID: 85006

Title: Adobe Photoshop Standard MultiPlugin.8BF Module PNG Image File tRNS Chunk Handling Overflow

Info

Disclosure

Aug 30, 2012

Discovery

Unknown

Dates

Exploit

Aug 31, 2012

Solution

Aug 30, 2012

Description

Adobe Photoshop is prone to an overflow condition. The Standard MultiPlugin.8BF module fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted tRNS chunk in a PNG image file, a context-dependent attacker can potentially execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified, Third-party Verified, Coordinated Disclosure

Solution

Upgrade to version CS6 13.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Adobe Systems Incorporated

Photoshop

CS6 13.0

References

Security Tracker: 1027477
CVE ID: 2012-4170 (see also: NVD)
Exploit Database: 20971
Secunia Advisory ID: 49141
Vendor Specific Advisory URL: http://www.adobe.com/support/security/bulletins/apsb12-20.html
Other Advisory URL: http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=60&Itemid=60

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85006