Adobe Photoshop CS5 Collada File Processing Buffer Overflow
Adobe Photoshop CS5 Collada File Processing Buffer Overflow Vulnerability
Release Date : 2012-05-15
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched
Software: Adobe Photoshop CS5 12.x
Andrea Micalizzi has discovered a vulnerability in Adobe Photoshop CS5, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the U3D.8BI plug-in when processing certain Collada file elements. This can be exploited to cause a stack-based buffer overflow via a specially crafted DAE file.
Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious file.
The vulnerability is confirmed in version CS5 12.1 (20110328.r.145). Other versions may also be affected.
Upgrade to Adobe Photoshop CS6.
Provided and/or discovered by:
Andrea Micalizzi (rgod)