CVE-2011-2443 : Détail

CVE-2011-2443

Overflow
57.69%V4
Network
2011-10-04
18h00 +00:00
2012-02-14
09h00 +00:00
CVE.org
NVD
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related issue to CVE-2010-1296.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Informations sur l'Exploit

Exploit Database EDB-ID : 17918

Date de publication : 2011-10-01 22h00 +00:00
Auteur : LiquidWorm
EDB Vérifié : No

Title: ------ Adobe Photoshop Elements 8.0 Multiple Arbitrary Code Execution Vulnerabilities Vendor: ------- Adobe Systems Inc. (http://www.adobe.com) Product web page: ----------------- http://www.adobe.com/products/photoshop-elements.html Affected version: ----------------- 8.0 and 7.0 (20080916r.508356) Summary: -------- Adobe Photoshop Elements - the No.1 consumer photo editing software that helps you turn everyday memories into sensational photos you'll cherish forever. Easily edit photos and make photo creations using automated options, share photos with your social network, and view photos virtually anywhere you are. Description: ------------ Photoshop Elements 8 suffers from a buffer overflow vulnerability when dealing with .ABR (brushes) and .GRD (gradients) format files. The application fails to sanitize the user input resulting in a memory corruption, overwriting several memory registers which can aid the atacker to gain the power of executing arbitrary code on the affected system or denial of service scenario. WinDBG output: -------------------------------------------------------------------- .abr: ----- (cd8.d98): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=0de318d0 ebx=41414141 ecx=06260000 edx=00004141 esi=0de318c8 edi=41414141 eip=7c919064 esp=0012d784 ebp=0012d9a0 iopl=0 nv up ei ng nz na pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210287 ntdll!RtlDosSearchPath_Ustr+0x473: 7c919064 8b0b mov ecx,dword ptr [ebx] ds:0023:41414141=???????? .grd: ----- (d1c.404): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=7efefefe ebx=00414141 ecx=00104d35 edx=41414141 esi=0f0e0c90 edi=0de5d000 eip=781807f5 esp=0012d9e8 ebp=033052a0 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246 -------------------------------------------------------------------- Tested on: ---------- Microsoft Windows XP Professional Service Pack 3 (English) Vulnerability discovered by: ---------------------------- Gjoko 'LiquidWorm' Krstic Zero Science Lab (http://www.zeroscience.mk) liquidworm gmail com Vendor status: -------------- [22.09.2009] Vulnerabilities discovered. [09.03.2010] Sent detailed info to the vendor with PoC files. [09.03.2010] Vendor responds with assigned tracking numbers of the issues. [21.03.2010] Asked vendor for confirmation. [21.03.2010] Vendor replies confirming the vulnerabilities. [03.06.2011] Asked vendor for scheduled patch release date. [05.06.2011] Vendor replies with a scheduled timeframe. [02.09.2011] Asked vendor for an exact patch release date. [03.09.2011] Vendor replies. [09.09.2011] Asked vendor for assigned advisory ID. [10.09.2011] Vendor tags their Adobe Advisory ID: APSA11-03. [01.10.2011] Coordinated public security advisory released. Advisory details: ----------------- Advisory ID: ZSL-2011-5049 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5049.php Adobe Advisory ID: APSA11-03 Adobe Advisory URL: http://www.adobe.com/support/security/advisories/apsa11-03.html Adobe PSIRT ID: 447,448 CVE ID: CVE-2011-2443 CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2443 CWE ID: CWE-120 CWE URL: http://cwe.mitre.org/data/definitions/120.html REF #1: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php REF #2: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php Proof Of Concept: ----------------- http://www.zeroscience.mk/codes/brush_gradiently.rar (11071 bytes) https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17918.rar (brush_gradiently.rar)

Products Mentioned

Configuraton 0

Adobe>>Photoshop_elements >> Version To (including) 8.0

Adobe>>Photoshop_elements >> Version 5.0

Adobe>>Photoshop_elements >> Version 7.0

Références

http://securityreason.com/securityalert/8410
Tags : third-party-advisory, x_refsource_SREASON
http://www.exploit-db.com/exploits/17918/
Tags : exploit, x_refsource_EXPLOIT-DB