CVSS: 9.3EPSS: 2%CPEs: 6EXPL: 2CVE-2010-3127 – Adobe Photoshop CS2 - 'Wintab32.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3127
Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en Adobe PhotoShop CS2 hasta CS5 permite a usuarios locales, y puede que atacantes remotos, ejecutar código de su elección y producir un ataque de secuestro de DLL, a través de un troyano dwmapi.dll o Wintab32.dll que está ubicado en la misma carpeta que un fichero as a PSD u otro fichero que sea procesado por PhotoShop. NOTA: Algunos de estos detalles han sido obtenidos de fuentes de terceros. • https://www.exploit-db.com/exploits/14741 http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html http://secunia.com/advisories/41060 http://www.exploit-db.com/exploits/14741 http://www.vupen.com/english/advisories/2010/2170 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6778 •
CVSS: 9.3EPSS: 15%CPEs: 2EXPL: 13CVE-2010-1296 – Adobe Photoshop CS4 Extended 11.0 - '.ASL' File Handling Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2010-1296
Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file. Múltiples desbordamiento de búfer en Adobe Photoshop CS4 anterior a v11.0.2 permite a atacantes asistidos por el usuario ejecutar código de su elección a través de un fichero manipulado (1) .ASL, (2) .ABR, o (3) .GRD Adobe Photoshop CS4 Extended suffers from a buffer overflow vulnerability when dealing with .GRD (gradients) format file. The application fails to sanitize the user input resulting in a memory corruption, overwriting several memory registers which can aid the attacker to gain the power of executing arbitrary code or denial of service. Version CS4 Extended 11.0.0.0 is affected. • https://www.exploit-db.com/exploits/12753 https://www.exploit-db.com/exploits/12751 https://www.exploit-db.com/exploits/12752 http://www.adobe.com/support/security/bulletins/apsb10-13.html http://www.exploit-db.com/exploits/12751 http://www.exploit-db.com/exploits/12752 http://www.exploit-db.com/exploits/12753 http://www.securityfocus.com/bid/40389 http://www.securitytracker.com/id?1024042 http://www.zeroscience.mk/codes/psbrush_bof.txt http://www.zeroscience.mk&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2010-1279
https://notcve.org/view.php?id=CVE-2010-1279
Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x before 11.0.1 allow user-assisted remote attackers to execute arbitrary code via a crafted TIFF file. Múltiples vulnerabilidades sin especificar en Adobe Photoshop CS4 v11.x anterior a v11.0.1 permiten a atacantes remotos ejecutar código de su elección a través de archivos TIFF manipulados. • http://secunia.com/advisories/39711 http://www.adobe.com/support/security/bulletins/apsb10-10.html http://www.securityfocus.com/bid/39849 http://www.vupen.com/english/advisories/2010/1049 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.6EPSS: 0%CPEs: 60EXPL: 0CVE-2006-0525
https://notcve.org/view.php?id=CVE-2006-0525
Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs. • http://secunia.com/advisories/18698 http://securitytracker.com/id?1015577 http://securitytracker.com/id?1015578 http://securitytracker.com/id?1015579 http://www.adobe.com/support/techdocs/332644.html http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf http://www.kb.cert.org/vuls/id/953860 http://www.osvdb.org/22908 http://www.securityfocus.com/archive/1/423587/100/0/threaded http://www.securityfocus.com/bid/16451 http://www.vupen.com/english/advisories/2006/ • CWE-264: Permissions, Privileges, and Access Controls •