Vulnerabilities > CVE-2017-11304 - Use After Free vulnerability in Adobe Photoshop

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

adobe

CWE-416

critical

nessus

NVD

Published: 2017-12-09

Updated: 2017-12-14

Summary

An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Photoshop - Adobe Photoshop 2.5 Adobe Photoshop 3.0 Adobe Photoshop 4.0 Adobe Photoshop 5.0 Adobe Photoshop 6.0 Adobe Photoshop 6.0.1 Adobe Photoshop 7.0 Adobe Photoshop 7.0.1 Adobe Photoshop 8.0 Adobe Photoshop 9.0 Adobe Photoshop 9.0.1 Adobe Photoshop 9.0.2 Adobe Photoshop 10.0 Adobe Photoshop 10.0.1 Adobe Photoshop 11.0 Adobe Photoshop 11.0.1 Adobe Photoshop 11.0.2 Adobe Photoshop 11.0.4 Adobe Photoshop 12.0.0 Adobe Photoshop 12.0.1 Adobe Photoshop 12.0.2 Adobe Photoshop 12.0.3 Adobe Photoshop 12.0.4 Adobe Photoshop 15.0 Adobe Photoshop 15.2.2 Adobe Photoshop 16.0 Adobe Photoshop 16.1 Adobe Photoshop 17.0 Adobe Photoshop 17.0.1 Adobe Photoshop 18.0 Adobe Photoshop 18.0.1 Adobe Photoshop 18.1.0 Adobe Photoshop 18.1.1	36

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_ADOBE_PHOTOSHOP_APSB17-34.NASL
description	The version of Adobe Photoshop CC installed on the remote macOS or Mac OS X host is 18.x prior to 18.1.2 (2017.1.2). It is, therefore, affected by multiple vulnerabilities. This includes two remote code execution vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	104630
published	2017-11-16
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/104630
title	Adobe Photoshop CC 18.x < 18.1.2 Multiple Vulnerabilities (APSB17-34) (macOS)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(104630); script_version("1.5"); script_cvs_date("Date: 2019/11/12"); script_cve_id("CVE-2017-11303", "CVE-2017-11304"); script_bugtraq_id(101829); script_name(english:"Adobe Photoshop CC 18.x < 18.1.2 Multiple Vulnerabilities (APSB17-34) (macOS)"); script_summary(english:"Checks the Photoshop version."); script_set_attribute(attribute:"synopsis", value: "The remote host has an application installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Adobe Photoshop CC installed on the remote macOS or Mac OS X host is 18.x prior to 18.1.2 (2017.1.2). It is, therefore, affected by multiple vulnerabilities. This includes two remote code execution vulnerabilities."); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/photoshop/apsb17-34.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Adobe Photoshop CC version 18.1.2 (2017.1.2) or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11304"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/14"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:photoshop_cc"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_adobe_photoshop_installed.nasl"); script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "installed_sw/Adobe Photoshop"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("audit.inc"); include("install_func.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); os = get_kb_item('Host/MacOSX/Version'); if (!os) audit(AUDIT_OS_NOT, 'Mac OS X'); app = 'Adobe Photoshop'; install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE); product = install['name']; if ("CC" >!< product) exit(0, "Only Adobe Photoshop CC is affected."); path = install['path']; version = install['version']; # version 18.x < 18.1.2 Vuln if ( version =~ "^18\." ) fix = '18.1.2'; else audit(AUDIT_NOT_INST, app + " 18.x"); if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0) { report = '\n Product : ' + product + '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fix; security_report_v4(port:0, extra:report, severity:SECURITY_HOLE); } else audit(AUDIT_INST_VER_NOT_VULN, app + " CC", version);

NASL family	Windows
NASL id	ADOBE_PHOTOSHOP_APSB17-34.NASL
description	The version of Adobe Photoshop CC installed on the remote Windows host is 18.x prior to 18.1.2 (2017.1.2). It is, therefore, affected by multiple vulnerabilities. This includes two remote code execution vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	104629
published	2017-11-16
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/104629
title	Adobe Photoshop CC 18.x < 18.1.2 Multiple Vulnerabilities (APSB17-12)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(104629); script_version("1.6"); script_cvs_date("Date: 2019/11/12"); script_cve_id("CVE-2017-11303", "CVE-2017-11304"); script_bugtraq_id(101829); script_name(english:"Adobe Photoshop CC 18.x < 18.1.2 Multiple Vulnerabilities (APSB17-12)"); script_summary(english:"Checks the Photoshop version."); script_set_attribute(attribute:"synopsis", value: "The remote host has an application installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Adobe Photoshop CC installed on the remote Windows host is 18.x prior to 18.1.2 (2017.1.2). It is, therefore, affected by multiple vulnerabilities. This includes two remote code execution vulnerabilities."); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/photoshop/apsb17-34.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Adobe Photoshop CC 18.1.2 (2017.1.2) or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11304"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/14"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:photoshop_cc"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("adobe_photoshop_installed.nasl"); script_require_keys("installed_sw/Adobe Photoshop", "SMB/Registry/Enumerated"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); get_kb_item_or_exit("SMB/Registry/Enumerated"); app_name = "Adobe Photoshop"; install = get_single_install(app_name: app_name, exit_if_unknown_ver: TRUE); product_name = install['Product']; if ("CC" >!< product_name) exit(0, "Only Adobe Photoshop CC is affected."); ver = install['version']; path = install['path']; ver_ui = install['display_version']; # version 18.x < 18.1.2 Vuln if ( ver =~ "^18\." ) fix = '18.1.2'; else audit(AUDIT_NOT_INST, app_name + " 18.x"); if (ver_compare(ver: ver, fix: fix, strict:FALSE) < 0) { port = get_kb_item("SMB/transport"); if (isnull(port)) port = 445; report = '\n Product : ' + product_name + '\n Path : ' + path + '\n Installed version : ' + ver_ui + '\n Fixed version : ' + fix + '\n'; security_report_v4(port:port, extra:report, severity:SECURITY_HOLE); } else audit(AUDIT_INST_PATH_NOT_VULN, app_name, ver_ui, path);

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References