(Date : 23.04.2008 00:51:53)


Adobe Products BMP Handling Buffer Overflow Vulnerability
Secunia Advisory: SA29838
Release Date: 2008-04-22
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Adobe After Effects CS3, Adobe Photoshop Album Starter Edition 3.x
CVE reference: CVE-2008-1765 (Secunia mirror)
Description:
A vulnerability has been reported in multiple Adobe products, which can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error when handling BMP files. This can be exploited to cause a buffer overflow via a BMP file having a malformed header.

This may be related to:
SA25023
SA25044

Successful exploitation may allow execution of arbitrary code via a specially crafted BMP file.

NOTE: Reportedly, the vulnerability can also be exploited when a malicious storage device (e.g. USB drives, cameras) is being attached to a vulnerable computer.

The vulnerability is reported in Adobe Photoshop Album Starter Edition 3.2 and Adobe After Effects CS3. Other versions may also be affected.

Solution:
Do not process untrusted BMP files using the affected applications.

Do not connect untrusted storage devices to the local computer.
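
As a triage aid for BMP files of unknown origin, the following added example (not part of the Secunia advisory and not Adobe code) flags files whose header fields are internally inconsistent. The advisory does not say which header field triggers the overflow, so these are generic BMP sanity checks; the function names, the `MAX_DIM` limit and the sample file are assumptions, and a file that passes has not been shown safe for the affected applications.

```python
import struct

MAX_DIM = 65535  # assumed triage limit on width/height, not from the advisory
KNOWN_INFO_HEADERS = (40, 52, 56, 108, 124)  # BITMAPINFOHEADER and later variants

def bmp_header_problems(data: bytes) -> list:
    """Return header inconsistencies found in a BMP file (empty list if none)."""
    if len(data) < 54:
        return ["shorter than file header + 40-byte info header"]
    magic, file_size, _, _, pixel_offset = struct.unpack_from("<2sIHHI", data, 0)
    if magic != b"BM":
        return ["missing 'BM' signature"]
    (hdr_size, width, height, planes, bpp, compression, _img_size,
     _xppm, _yppm, clr_used, _clr_imp) = struct.unpack_from("<IiiHHIIiiII", data, 14)
    if hdr_size not in KNOWN_INFO_HEADERS:
        return [f"unexpected info header size {hdr_size}"]
    problems = []
    if file_size != len(data):
        problems.append("bfSize does not match file length")
    if not 14 + hdr_size <= pixel_offset <= len(data):
        problems.append("pixel data offset outside file")
    if planes != 1:
        problems.append("planes field is not 1")
    if bpp not in (1, 4, 8, 16, 24, 32):
        problems.append(f"invalid bit depth {bpp}")
    elif bpp <= 8 and clr_used > (1 << bpp):
        problems.append("palette larger than bit depth allows")
    if not (0 < width <= MAX_DIM and 0 < abs(height) <= MAX_DIM):
        problems.append("width/height out of range")
    elif compression == 0:
        # Uncompressed rows are padded to 4 bytes; Python ints cannot overflow here.
        row_bytes = (width * bpp + 31) // 32 * 4
        if pixel_offset + row_bytes * abs(height) > len(data):
            problems.append("declared image does not fit in file")
    return problems

def sample_bmp(width=2, height=2) -> bytes:
    """Constructed sample: 24-bit BMP that always carries 2x2 worth of pixel data."""
    pixels = bytes(16)  # two padded 8-byte rows
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, 16, 0, 0, 0, 0)
    return struct.pack("<2sIHHI", b"BM", 54 + 16, 0, 0, 54) + info + pixels

if __name__ == "__main__":
    print(bmp_header_problems(sample_bmp()))            # consistent header
    print(bmp_header_problems(sample_bmp(width=4096)))  # header overstates the image
```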

Provided and/or discovered by:
Scott Laurie

Original Advisory:
Adobe:
http://www.adobe.com/support/security/advisories/apsa08-04.html

http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0551.html

Other References:
SA25023:
http://secunia.com/advisories/25023/

SA25044:
http://secunia.com/advisories/25044/


Source: http://secunia.com/advisories/29838/