
Adobe Photoshop CS4 Buffer Overflow Vulnerability


Secunia ID

SA39934

CVE-ID

CVE-2010-1296

Release Date

27 May 2010

Last Change

02 Jun 2010

Criticality

Highly Critical

Solution Status

Vendor Patch

Software

Adobe Photoshop CS4 11.x

Where

From remote

Impact

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

A vulnerability has been discovered in Adobe Photoshop CS4, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error in Photoshop.exe when processing file strings. This can be exploited to cause a heap-based buffer overflow via an overly long string included in, for example, an .ASL, .GRD, or .ABR file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 11.0.1. Prior versions may also be affected.

Solution

Update to version 11.0.2.

Adobe Photoshop CS4 11.0.2 for Windows:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4713

Adobe Photoshop CS4 11.0.2 for Macintosh:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4712

Reported by

Gjoko Krstic, Zero Science Lab

Original Advisory

Adobe:
http://www.adobe.com/support/security/bulletins/apsb10-13.html

Zero Science Lab:
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php