Adobe Photoshop CC / Bridge CC – ‘.iff’ Parsing Memory Corruption

  • Author: Francis Provencher
    Date: 2016-02-09
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/39431/
  • #####################################################################################
    
    Application: Adobe Photoshop CC & Bridge CC IFF file parsing memory corruption
    
    Platforms: Windows
    
    Versions: Bridge CC 6.1.1 and earlier versions
    
    Version: Photoshop CC 16.1.1 (2015.1.1) and earlier versions
    
    CVE: 2016-0953
    
    Author: Francis Provencher of COSIG
    
    Twitter: @COSIG_
    
    #####################################################################################
    
    1) Introduction
    2) Report Timeline
    3) Technical details
    4) POC
    
    #####################################################################################
    
    ===============
    1) Introduction
    ===============
    
    Adobe Photoshop is a raster graphics editor developed and published by Adobe Systems for Windows and OS X.
    
    (https://en.wikipedia.org/wiki/Adobe_Photoshop)
    
    #####################################################################################
    
    ============================
    2) Report Timeline
    ============================
    
    2015-11-11: Francis Provencher from COSIG reports the issue to PSIRT (ADOBE);
    
    2016-02-09: Adobe releases a patch (APSB16-03);
    
    2016-02-09: COSIG releases this advisory;
    
    #####################################################################################
    
    ============================
    3) Technical details
    ============================
    
    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Photoshop CC & Bridge CC. User interaction is required to exploit this vulnerability, in that the target must open a malicious file. By providing a malformed IFF file, an attacker can cause heap memory corruption. An attacker could leverage this to execute arbitrary code in the context of the application.
    
    #####################################################################################
    
    ===========
    4) POC
    ===========
    
    http://protekresearchlab.com/exploits/COSIG-2016-10.iff
    
    https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39431.zip
    
    ###############################################################################
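
A parser resists malformed IFF input of the kind described in section 3 by checking every declared size against the bytes actually present before it allocates or copies. The following is an added example, not code from the advisory or from Adobe: the advisory does not say which field its PoC corrupts, so this shows general IFF container validation (FORM header, big-endian chunk sizes, even padding) using a hypothetical `iff_validate` function and constructed sample buffers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum iff_status { IFF_OK = 0, IFF_NOT_FORM, IFF_BAD_FORM_SIZE, IFF_BAD_CHUNK };

/* IFF stores all sizes as 32-bit big-endian integers. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the chunks of an in-memory IFF FORM and confirm that every declared
 * size fits inside the bytes actually present, before anything is copied. */
enum iff_status iff_validate(const uint8_t *buf, size_t len) {
    if (len < 12 || memcmp(buf, "FORM", 4) != 0)
        return IFF_NOT_FORM;
    uint32_t form_size = be32(buf + 4);   /* covers type ID + all chunks */
    if (form_size < 4 || form_size > len - 8)
        return IFF_BAD_FORM_SIZE;
    size_t end = 8 + (size_t)form_size;   /* cannot exceed len (checked) */
    size_t off = 12;                      /* skip "FORM", size, type ID */
    while (off < end) {
        if (end - off < 8)
            return IFF_BAD_CHUNK;         /* truncated chunk header */
        uint32_t csize = be32(buf + off + 4);
        size_t room = end - off - 8;      /* bytes left for chunk data */
        if (csize > room)
            return IFF_BAD_CHUNK;         /* declared size overruns FORM */
        size_t step = (size_t)csize + (csize & 1u); /* data is even-padded */
        if (step > room)
            step = room;                  /* tolerate a missing final pad */
        off += 8 + step;
    }
    return IFF_OK;
}

/* Constructed samples (not taken from the advisory's PoC file). */
static const uint8_t sample_ok[] = {'F','O','R','M', 0,0,0,14, 'I','L','B','M',
    'B','O','D','Y', 0,0,0,2, 0xAA,0xBB};
static const uint8_t sample_bad[] = {'F','O','R','M', 0,0,0,14, 'I','L','B','M',
    'B','O','D','Y', 0x7F,0xFF,0xFF,0xF0, 0xAA,0xBB};

int main(void) {
    printf("ok=%d bad=%d\n", iff_validate(sample_ok, sizeof sample_ok),
           iff_validate(sample_bad, sizeof sample_bad));
    return 0;
}
```

A check like this can also be used to triage untrusted `.iff` files before they reach an unpatched viewer; it does not replace applying APSB16-03.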