Buffer overflow in Adobe Photoshop_cs5

CVE-2012-2052

Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonst…

Vulnerability class: Buffer Overflow

EPSS: 0.581 (98.2th percentile) — read the EPSS interpretation.

Affected products

Adobe Photoshop_cs5 — versions 12.0, 12.0.1, 12.0.2
Adobe Photoshop_cs5.1 — versions 12.1
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

psirt@adobe.com (Exploit, x_refsource_MISC)
49160 (x_refsource_SECUNIA, third-party-advisory)
psirt@adobe.com (Exploit, x_refsource_MISC)
81832 (x_refsource_OSVDB, vdb-entry)
53464 (Exploit, vdb-entry, x_refsource_BID)
psirt@adobe.com (x_refsource_CONFIRM, Vendor Advisory)
20120510 Adobe Photoshop CS5.1 U3D.8BI Library Collada Asset Elements Stack Based Buffer Overflow Vulnerability (mailing-list, Exploit, x_refsource_BUGTRAQ)