Executive Summary

Informations
NameCVE-2010-1296First vendor Publication2010-05-27
VendorCveLast vendor Modification2010-06-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1296

CWE : Common Weakness Enumeration

idName
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26061
 
Oval ID: oval:org.mitre.oval:def:26061
Title: Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2
Description: Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1296
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2008 R2
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Adobe Photoshop
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2

ExploitDB Exploits

idDescription
2010-05-26Adobe Photoshop CS4 Extended 11.0 ASL File Handling Remote BoF PoC
2010-05-26Adobe Photoshop CS4 Extended 11.0 GRD File Handling Remote Buffer Overflow PoC
2010-05-26Adobe Photoshop CS4 Extended 11.0 ABR File Handling Remote Buffer Overflow PoC

OpenVAS Exploits

DateDescription
2010-06-15Name : Adobe Photoshop Multiple Buffer Overflow Vulnerabilities
File : nvt/gb_adobe_photoshop_mult_bof_vuln.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
65082Adobe Photoshop CS4 Multiple Crafted File Handling Overflows

Snort® IPS/IDS

DateDescription
2014-01-10Adobe Photoshop CS4 ABR file processing buffer overflow attempt
RuleID : 17147 - Revision : 6 - Type : FILE-IMAGE
2014-01-10Adobe Photoshop CS4 GRD file processing buffer overflow attempt
RuleID : 17146 - Revision : 7 - Type : FILE-IMAGE
2014-01-10Adobe Photoshop CS4 ASL file processing buffer overflow attempt
RuleID : 17145 - Revision : 7 - Type : FILE-IMAGE
2014-01-10Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 2
RuleID : 17144 - Revision : 7 - Type : FILE-IMAGE
2014-01-10Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 1
RuleID : 17143 - Revision : 6 - Type : FILE-IMAGE

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/40389
CONFIRMhttp://www.adobe.com/support/security/bulletins/apsb10-13.html
EXPLOIT-DBhttp://www.exploit-db.com/exploits/12751
http://www.exploit-db.com/exploits/12752
http://www.exploit-db.com/exploits/12753
MISChttp://www.zeroscience.mk/codes/psbrush_bof.txt
http://www.zeroscience.mk/codes/psgradient_bof.txt
http://www.zeroscience.mk/codes/psstyle_bof.txt
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4938.php
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4939.php
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4940.php
SECTRACKhttp://www.securitytracker.com/id?1024042
XFhttp://xforce.iss.net/xforce/xfdb/58888

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-01-19 21:26:46
  • Multiple Updates
2013-05-10 23:21:54
  • Multiple Updates