Vulnerability CVE-2007-2244


Published: 2007-04-25   Modified: 2012-02-12

Description:
Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Adobe
Product: Illustrator 
Version: cs3;
Product: Photoshop 
Version: 9.0.2;
Product: Golive 
Version: 9;

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://xforce.iss.net/xforce/xfdb/33838
http://www.vupen.com/english/advisories/2007/3443
http://www.vupen.com/english/advisories/2007/3442
http://www.vupen.com/english/advisories/2007/1523
http://www.securitytracker.com/id?1017962
http://www.securityfocus.com/bid/23621
http://www.osvdb.org/35370
http://www.milw0rm.com/exploits/3793
http://www.adobe.com/support/security/bulletins/apsb07-17.html
http://www.adobe.com/support/security/bulletins/apsb07-16.html
http://www.adobe.com/support/security/bulletins/apsb07-13.html
http://securitytracker.com/id?1018792
http://secunia.com/advisories/26864
http://secunia.com/advisories/26846
http://secunia.com/advisories/25023
http://osvdb.org/38066
http://osvdb.org/38065
http://osvdb.org/38064

Related CVE
CVE-2019-8076
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8070
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8069
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8001
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-8000
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
CVE-2019-7999
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
CVE-2019-7998
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7997
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

Copyright 2019, cxsecurity.com

 

Back to Top