Adobe Camera Raw Plug-in TIFF Image Processing Two Vulnerabilities

ID: IRCAD2012122368
Release Date: 2012-12-12
Criticality level: Highly critical
Software:
Adobe Bridge CS6 5.x
Adobe Photoshop CS6 13.x
Description:
Two vulnerabilities have been discovered in Adobe Camera Raw Plug-in, which can be exploited by malicious people to compromise a user's system.
1) An error in the "Camera Raw.8bi" plug-in when processing an LZW-compressed TIFF image can be exploited to cause a heap-based buffer underflow via a specially crafted LZW code within an image row strip.
2) An integer overflow error in the "Camera Raw.8bi" plug-in when allocating memory during TIFF image processing can be exploited to cause a heap-based buffer overflow via specially crafted image dimensions.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening or previewing a malicious file.
The vulnerabilities are reported in the plug-in version 7.2 and prior, confirmed in:
* Adobe Bridge CS6 version 5.0.0.399.
* Adobe Photoshop CS6 version 13.0 20120315.r.428.
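
Vulnerability 2 belongs to a common class: a buffer size computed from file-supplied dimensions wraps around, so the allocation is smaller than the data later written into it. The following C code is an added example, not Adobe's code; the function names, the three-factor size formula and the 1 GiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed policy cap on one decoded image buffer (hypothetical value). */
#define MAX_IMAGE_BYTES ((size_t)1 << 30)

/* Unchecked pattern: 32-bit arithmetic wraps silently, so huge dimensions
 * can yield a tiny size and an undersized heap allocation. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bytes_per_pixel)
{
    return width * height * bytes_per_pixel;
}

/* Checked pattern: validate every multiplication before performing it.
 * Returns 0 and stores the size in *out, or -1 if the dimensions are
 * zero, would overflow size_t, or exceed the policy cap. */
int checked_size(uint32_t width, uint32_t height, uint32_t bytes_per_pixel,
                 size_t *out)
{
    if (width == 0 || height == 0 || bytes_per_pixel == 0)
        return -1;
    if (width > SIZE_MAX / bytes_per_pixel)
        return -1;
    size_t row = (size_t)width * bytes_per_pixel;
    if (height > SIZE_MAX / row)
        return -1;
    size_t total = row * height;
    if (total > MAX_IMAGE_BYTES)
        return -1;
    *out = total;
    return 0;
}

int main(void)
{
    /* Constructed dimensions, not taken from any real file. */
    uint32_t w = 0x40000001u, h = 1, bpp = 4;
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(w, h, bpp));
    if (checked_size(w, h, bpp, &n) != 0)
        puts("checked: rejected before allocation");
    return 0;
}
```
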
Solution:
Update the plug-in to version 7.3 via the application's update mechanism.
References:
Secunia Research:
Secunia:
http://secunia.com/advisories/49929/

Created: 24 Azar 1391