CVE-2012-2027 – Adobe Photoshop 12.1 - '.tiff' Parsing Use-After-Free
https://notcve.org/view.php?id=CVE-2012-2027
Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file. Una vulnerabilidad de uso de memoria previamente liberada en Photoshop CS5 versiones 12.x anteriores a 12.0.5 y CS5.1 versiones 12.1.x anteriores a 12.1.1 de Adobe, permite a los atacantes remotos ejecutar código arbitrario por medio de un TIFF diseñada (también se conoce como .TIF). • https://www.exploit-db.com/exploits/18633 http://www.adobe.com/support/security/bulletins/apsb12-11.html http://www.securityfocus.com/bid/52634 • CWE-399: Resource Management Errors •
CVE-2012-2028
https://notcve.org/view.php?id=CVE-2012-2028
Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en Adobe Photoshop antes de CS6, permite a atacantes remotos ejecutar código de su elección a través de un archivo TIFF modificado (también conocido como .TIF). • http://www.adobe.com/support/security/bulletins/apsb12-11.html http://www.securityfocus.com/bid/53421 http://www.securitytracker.com/id?1027046 https://exchange.xforce.ibmcloud.com/vulnerabilities/75457 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2131 – Adobe Photoshop CS5 - '.gif' Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-2131
Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Suite 5.1 (CS5.1) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GIF file. Adobe Photoshop v12.0 en Creative Suite 5 (CS5) y v12.1 en Creative Suite v5.1 (CS5.1) permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo GIF creado. • https://www.exploit-db.com/exploits/17712 http://securityreason.com/securityalert/8347 http://www.adobe.com/support/security/bulletins/apsb11-22.html http://www.us-cert.gov/cas/techalerts/TA11-222A.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2164
https://notcve.org/view.php?id=CVE-2011-2164
Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en Adobe Photoshop antes de v12.0.4 tienen un impacto y vectores de ataque desconocidos. • http://blogs.adobe.com/jnack/2011/05/photoshop-12-0-4-update-for-cs5-arrives.html http://secunia.com/advisories/44419 http://securitytracker.com/id?1025483 http://www.adobe.com/support/downloads/detail.jsp?ftpID=4973 http://www.vupen.com/english/advisories/2011/1169 •
CVE-2010-3127 – Adobe Photoshop CS2 - 'Wintab32.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3127
Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en Adobe PhotoShop CS2 hasta CS5 permite a usuarios locales, y puede que atacantes remotos, ejecutar código de su elección y producir un ataque de secuestro de DLL, a través de un troyano dwmapi.dll o Wintab32.dll que está ubicado en la misma carpeta que un fichero as a PSD u otro fichero que sea procesado por PhotoShop. NOTA: Algunos de estos detalles han sido obtenidos de fuentes de terceros. • https://www.exploit-db.com/exploits/14741 http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html http://secunia.com/advisories/41060 http://www.exploit-db.com/exploits/14741 http://www.vupen.com/english/advisories/2010/2170 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6778 •