
Adobe Photoshop Elements Brush / Gradient File Parsing Buffer Overflow


Secunia ID

SA46277

CVE-ID

CVE-2011-2443

Release Date

03 Oct 2011

Last Change

05 Oct 2011

Criticality

Highly Critical

Solution Status

Unpatched

Software

Adobe Photoshop Elements 1.x
Adobe Photoshop Elements 2.x
Adobe Photoshop Elements 3.x
Adobe Photoshop Elements 4.x
Adobe Photoshop Elements 5.x
Adobe Photoshop Elements 6.x
Adobe Photoshop Elements 7.x
Adobe Photoshop Elements 8.x

Where

From remote

Impact

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

Gjoko Krstic has discovered a vulnerability in Adobe Photoshop Elements, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an error when processing certain structures within Brush (ABR) and Gradient (GRD) files. This can be exploited to cause a heap-based buffer overflow via a specially crafted ".abr" or ".grd" file.

Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious file.

The vulnerability is confirmed in version 8.0 20090905.r.605812 and reported by the vendor to affect versions 8.0 and earlier.

Solution

Upgrade to version 10.

Reported by

Gjoko Krstic, Zero Science Lab.

Original Advisory

Adobe:
http://www.adobe.com/support/security/advisories/apsa11-03.html

Zero Science Lab:
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5049.php