You are here

U-002:Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities

October 4, 2011 - 11:00am

Addthis

PROBLEM:

Adobe Photoshop Elements Multiple Memory Corruption Vulnerabilities.

PLATFORM:

Adobe Photoshop Elements 8.0 and earlier versions for Windows.

ABSTRACT:
 

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
 

reference LINKS:
  

Adobe Advisory: APSA11-03
SecurityTracker Alert ID: 1026132
SecurityFocus: CVE-2011-2443
 

IMPACT ASSESSMENT:
 

High

Discussion:

A vulnerability was reported in Adobe Photoshop Elements. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted '.grd' or '.abr' file that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.
 

Impact:

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. Vulnerabilities exist in Adobe Photoshop Elements 8.0 and earlier versions. These two buffer overflow vulnerabilities (CVE-2011-2443) could cause a crash and potentially allow an attacker to take control of the affected system. An attacker would need to convince a user to open a malicious binary .grd or .abr file to successfully exploit the issue. Adobe is not aware of any attacks exploiting these vulnerabilities against Adobe Photoshop Elements to date. Photoshop Elements 10 and Photoshop Elements 9 are not vulnerable to this issue. Because Adobe Photoshop 8 and earlier versions are no longer supported, Adobe recommends users upgrade to Photoshop Elements 10 or Photoshop Elements 9.

Solution:

Adobe recommends users upgrade to Photoshop Elements 10 or Photoshop Elements 9.
Adobe Supported Products

 

 

Addthis