Adobe Photoshop U3D.8BI Library Collada Asset Elements Handling

Added: 05/30/2012
BID: 53464
OSVDB: 81832

Background

Adobe Photoshop is an application for editing digital images.

Problem

Adobe Photoshop 12.1 in Creative Suite (CS) 5.1 (20110328.r.145) is vulnerable to a stack-based buffer overflow that could be exploited to perform arbitrary remote code execution. The vulnerability is due to a boundary error in the U3D.8BI plug-in when processing Collada file (.dae) asset elements.

Resolution

Upgrade to Adobe Photoshop CS6.

References

http://retrogod.altervista.org/9sg_photoshock_adv.htm
http://secunia.com/advisories/49160/

Limitations

This exploit has been tested with Adobe Systems Photoshop CS5.1 12.1 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).

The user must open the exploit file in Adobe Photoshop.

Platforms

Windows

Back to exploit index