12/4/2016

Photoshop|LIVEHACKING

NOVEMBER28,2016

ADVERTISEONLIVEHACKING

TERMSOFSERVICE

PRIVACYPOLICY

DISCLAIMER

CONTACT

LIVEHACKING
EthicalHacking|PenetrationTesting
HOME
ADOBE

BOOKSHELF
APPLE

SECURITYBULLETINS
ATTACKS

TRAININGVIDEOS

ANTIVIRUS

CRYPTOGRAPHY

LIVEHACKINGDVD
ETHICALHACKING

TOOLS

TUTORIALS

MICROSOFT

Youarehere:Home/ArchivesforPhotoshop

VULNERABILITIES

MALWARE

SECURITY

LINUX

SEARCH

AdobereleasesfixforPhotoshopCS6PNGparsingheap
overflow

Searchthiswebsite

SEARCH

CATEGORIES

September3,2012byEthicalHacker

Categories

AdobehasreleasedasecuritypatchforAdobe
PhotoshopCS6(13.0)forWindowsand
Macintosh.Theupdatefixescriticalvulnerabilities

SelectCategory

inPhotoshopsPNGparsingthatcouldallowan
attackertakecontrolofanaffectedsystem.

ARCHIVES

Adobehaventreleasemuchinformatonaboutthe
updatebutonlymentionthatitfixestwobuffer
overflowvulnerabilities(CVE20124170andCVE

Archives
SelectMonth

20120275)andthatcouldleadtocodeexecution.
HoweverFrancisProvencher,fromProtek

ADS

ResearchLabs,whowasresponsibleforfinding
oneofthevulnerabilitiesposted
moreinformationonexploitdb.com.
Thevulnerabilityiscausedduetoaboundary
errorintheStandartMultiPlugin.8BFmodulewhenprocessingaPortableNetworkGraphics(PNG)
image.Thiscanbeexploitedtocause
aheapbasedbufferoverflowviaaspeciallycraftedtRNSchunksize.Successfulexploitationmay
allowexecutionofarbitrarycode.However,toexploitthevulnerabilityaPhotoshopuserneedstobe
convincedtoopenamaliciousimageintheeditor.
AdobePhotoshopCS5.1(12.1.1)andAdobePhotoshopCS5(12.0.5)andearlierversionsforWindows
andMacintosharenotaffectedbythesevulnerabilities.
FiledUnder:Adobe,Adobe,Vulnerability

TaggedWith:Adobe,Photoshop
LINKS

AdobeFinallyUpdatestheCS5&CS5.5Versionsof
IllustratorandPhotoshoptoFixSecurityVulnerabilities
June5,2012byEthicalHacker
ThreeweeksagoAdobepublishedtwosecurity
advisoriesdescribingcriticalvulnerabilitiesinthe
CS5andCS5.5versionsofIllustratorand

AliJahangiri'sWebsite
NmapProject
OneLaptopPerChildProject
SmileTrain
WireSharkProject
YouTubelivehacking'sChannel

Photoshop.Theoriginaladvisoriesrecommended
thatusersupgradetoCS6(whichtheywould
havetopayfor)anddidntofferanypatchesor

TAGS

Followingcomplaints,badpressandanoutcry

AdobeAdobeFlashPlayerAndroid
AppleCertificatesChromeCrossSite

fromusers,AdobemadeaUturnandpromised

Scripting DigiNotar Duqu facebook Firefox Flash

patchesinduecourse.Thosepatcheshavenow

FlashPlayer GFI

beenreleased.

ExploreriOSiPhoneJavaLinux

updatesfortheCS5andCS5.5versions.

Illustrator
http://www.livehacking.com/tag/photoshop/

GoogleInternet

MalwareMicrosoftMicrosoft
WindowsMozillaOracleOSXPatch

Tuesday

1/4

12/4/2016

Photoshop|LIVEHACKING

TuesdayPrivacyremoteattackRSASafari

ThevulnerabilitiespresentinAdobeIllustrator
CS5(15.0.x)andAdobeIllustratorCS5.5(15.1)

SecurityBreach SergeyGlazunov

forWindowsandMacintoshcouldallowan

SSLStuxnet

Symantec Trojan Tutorials VLC VulnerabilityScanner

attackerwhosuccessfullyexploitsthese

windows WordPress XSS ZeroDay Zeroday

vulnerabilitiestotakecontroloftheaffected

exploit

computer.AdobehasnowreleasedAdobe
IllustratorCS5(15.0.3)andAdobeIllustrator

WHO'SONLINE

CS5.5(15.1.1)toaddressthevulnerabilities.
Specificallytheupdateaddressessixseparate

0Members.

memorycorruptionvulnerabilitiesthatcouldbe

8Guests.

exploitedtoletanattackerexecutearbitrary
code.

META

Photoshop

EntriesRSS

LikeAdobeIllustrator,thevulnerabilitiespresent

CommentsRSS

inAdobePhotoshopCS5(12.0)andAdobe
PhotoshopCS5.1(12.1)forWindowsandMacintoshcouldallowanattackerwhosuccessfullyexploits
thesevulnerabilitiestotakecontroloftheaffectedcomputer.
AdobehasnowreleasedsecurityupdatesforAdobePhotoshopCS5(12.0)andAdobePhotoshop
CS5.1(12.1)forWindowsandMacintosh.Foranattackertoexploitthevulnerabilitiesamaliciousfile
mustbeopenedinPhotoshop.Adobeisnotawareofanyattacksexploitingthesevulnerabilities.The
updatefixesthreespecificproblems:
1.AuseafterfreeTIFFvulnerabilitythatcouldleadtocodeexecution.
2.Abufferoverflowvulnerabilitythatcouldleadtocodeexecution.
3.AstackbasedbufferoverflowvulnerabilityintheCollada.DAEfileformatthatcouldleadtocode
execution.

FiledUnder:Adobe,Adobe,Vulnerability

TaggedWith:Adobe,Illustrator,Photoshop

AdobeReleasesSecurityBulletinsforIllustrator,Photoshop,
FlashProfessionalandShockwavePlayer
May11,2012byEthicalHacker
(LiveHacking.Com)Adobehasreleasedsecuritybulletinsdescribingcriticalvulnerabilities
inIllustrator,Photoshop,FlashProfessionalandShockwavePlayer:
APSB1210SecuritybulletinforAdobe
Illustrator
APSB1211SecuritybulletinforAdobe
Photoshop
APSB1212SecuritybulletinforAdobeFlash
Professional
APSB1213Securityupdateavailablefor
AdobeShockwavePlayer

Illustrator
AdobereleasedasecurityupgradeforAdobe
IllustratorCS5.5andearlierforWindowsand
Macintosh.Thisupgradeaddressesvulnerabilities
thatcouldallowanattackerwhosuccessfully
exploitsthesevulnerabilitiestotakecontrolofthe
affectedsystem.AdobeisnotawareofanyattacksexploitingthesevulnerabilitiesagainstAdobe
Illustrator.

Photoshop
http://www.livehacking.com/tag/photoshop/

2/4

12/4/2016

Photoshop|LIVEHACKING

AdobehasreleasedasecurityupgradeforAdobePhotoshopCS5andearlierforWindowsand
Macintosh.Thisupgradeaddressesvulnerabilitiesthatcouldallowanattackerwhosuccessfully
exploitsthesevulnerabilitiestotakecontroloftheaffectedsystem.Amalicious.TIFfilemustbe
openedinPhotoshopCS5andearlierforWindowsandMacintoshbytheuserforanattackertobeable
toexploitthesevulnerabilities.Adobeisnotawareofanyattacksexploitingthesevulnerabilities
againstAdobePhotoshop.

FlashProfessional
AdobehasreleasedasecurityupgradeforAdobeFlashProfessionalCS5.5(11.5.1.349)andearlierfor
WindowsandMacintosh.Thisupgradeaddressesavulnerabilitythatcouldallowanattackerwho
successfullyexploitsthisvulnerabilitytotakecontroloftheaffectedsystem.Adobeisnotawareof
anyattacksexploitingthisvulnerabilityagainstAdobeFlashProfessional.

ShockwavePlayer
AdobehasreleasedasecurityupdateforAdobeShockwavePlayer11.6.4.634andearlierversionsfor
WindowsandMacintosh.Thisupdateaddressesvulnerabilitiesthatcouldallowanattackerwho
successfullyexploitsthesevulnerabilitiestorunmaliciouscodeontheaffectedsystem.
FiledUnder:Adobe,Adobe,Vulnerability

TaggedWith:FlashProfessional,Illustrator,

Photoshop,ShockwavePlayer

AdobeReleasesCriticalSecurityBulletinsforShockwave,
FlashMediaServerandPhotoshop
August11,2011byEthicalHacker
(LiveHacking.Com)FollowingGooglesupdate
ofChrometoincludeanewversionofAdobe
FlashPlayer,Adobehasnow
releasedadditionalsecuritybulletinslisting
criticalandimportantvulnerabilitiesinmultiple
productsincludingShockwave,FlashMedia
ServerandPhotoshop.Thefulllistis:
AdobeShockwavePlayer11.6.0.626and
earlierversionsontheWindowsandMacintosh
operatingsystems
AdobeFlashMediaServer4.0.2andearlier
versions
AdobeFlashMediaServer3.5.6andearlier
versionsforWindowsandLinux
AdobePhotoshopCS5andCS5.1andearlierforWindowsandMacintosh
RoboHelp9.0.1.233andearlier,RoboHelp8,RoboHelpServer9,andRoboHelpServer8
Exploitationofthesevulnerabilitiesmayallowanattackertoexecutearbitrarycode,causeadenialof
servicecondition,takecontrolofanaffectedsystem,orperformacrosssitescriptingattack.
Memorycorruptions
WiththeexceptionofRoboHelp,allthepatchesfixmemorycorruptionswhichifexploitedcouldlead
toexecutearbitrarycode.Forexample,thevulnerabilityinPhotoshopCS5andCS5.1,forWindows
andMacintosh,couldbeexploitedwithamalicious.GIFfilewhenitisopenedinPhotoshopbythe
user.
FiledUnder:Adobe,Adobe,Vulnerability

TaggedWith:Adobe,FlashMediaServer,Photoshop,

Shockwave

TheHSecurity:ScopeofDLLsecurityproblemwidens
Update
August27,2010byLiveHacking

http://www.livehacking.com/tag/photoshop/

3/4

12/4/2016

Photoshop|LIVEHACKING

AfterHDMoorereleaseddetailslastweekabouttheDLLproblemunderWindows,alongwithatesting
tool,anincreasingnumberofaffectedapplicationsandtheirmatchingexploitshavebeenreported.In
additiontoFirefoxandOpera,vulnerableprogramsincludesuchpopularapplicationsasPowerPoint,
Photoshop,Dreamweaver,VLC,uTorrentandWiresharkineachcase,thecurrentversionisaffected.
TheyalluseaninsecurewayofloadingDLLsinwhichatanearlystagethesearchordercontainsthe
currentdirectoryadirectorythatcouldbeonanetworkdevice.
Readthefullstoryhere.
Source:[TheHSecurity]
FiledUnder:Microsoft,Microsoft,Vulnerability

TaggedWith:DDLInjection,Dreamweaver,

Microsoft,Photoshop,PowerPoint,uTorrent,VLC,Wireshark

COPYRIGHT20092013LIVEHACKING.COMALLRIGHTSRESERVEDPOWEREDBYARTSECGROUPLLC
INFORMATIONSECURITYNEWS,ETHICALHACKINGTRAININGANDTUTORIALS,PENETRATIONTESTINGTOOLSANDTECHNIQUES
ALLTRADEMARKSANDCOPYRIGHTSONTHISPAGEAREOWNEDBYTHEIRRESPECTIVEOWNERS.UNLESSOTHERWISESTATEDTHECONTENTSOFTHISWEBSITEARE
LICENCEDUNDERATTRIBUTIONNONCOMMERCIALSHAREALIKE3.0UNPORTED(CCBYNCSA3.0).

http://www.livehacking.com/tag/photoshop/

4/4