Vulnerability CVE-2007-2365


Published: 2007-04-30   Modified: 2012-02-12

Description:
Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Adobe
Product: Illustrator 
Version: cs3;
Product: Photoshop 
Version: 9.0.2;
Product: Golive 
Version: 9;
Product: Photoshop elements 
Version: 5.0;

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://xforce.iss.net/xforce/xfdb/33956
http://www.vupen.com/english/advisories/2007/3443
http://www.vupen.com/english/advisories/2007/3442
http://www.vupen.com/english/advisories/2007/1577
http://www.securityfocus.com/bid/23698
http://www.milw0rm.com/exploits/3812
http://www.adobe.com/support/security/bulletins/apsb07-17.html
http://www.adobe.com/support/security/bulletins/apsb07-16.html
http://www.adobe.com/support/security/bulletins/apsb07-13.html
http://securitytracker.com/id?1018792
http://secunia.com/advisories/26864
http://secunia.com/advisories/26846
http://secunia.com/advisories/25044
http://osvdb.org/38063
http://osvdb.org/35465

Related CVE
CVE-2019-8076
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8070
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8069
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8001
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-8000
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
CVE-2019-7999
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
CVE-2019-7998
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7997
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

Copyright 2019, cxsecurity.com

 

Back to Top