Vulnerabilities > CVE-2018-4946 - Out-of-bounds Write vulnerability in Adobe Photoshop CC

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
adobe
CWE-787
nessus
NVD
Published: 2018-07-09
Updated: 2021-09-08

Summary

Adobe Photoshop CC versions 19.1.3 and earlier, 18.1.3 and earlier, and 18.1.2 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Vulnerable Configurations

Part Description Count
Application
Adobe
9
OS
Apple
1
OS
Microsoft
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_ADOBE_PHOTOSHOP_APSB18-17.NASL
    descriptionThe version of Adobe Photoshop CC installed on the remote macOS or Mac OS X host is 18.x prior to 18.1.4 (2017.1.4) or 19.x prior to 19.1.4 (2018.1.4). It is, therefore, affected by an unspecified remote code execution vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id109865
    published2018-05-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109865
    titleAdobe Photoshop CC 18.x < 18.1.4 / 19.x < 19.1.4 Remote Code Execution Vulnerability (APSB18-17) (macOS)
  • NASL familyWindows
    NASL idADOBE_PHOTOSHOP_APSB18-17.NASL
    descriptionThe version of Adobe Photoshop CC installed on the remote Windows host is 18.x prior to 18.1.4 (2017.1.4) or 19.x prior to 19.1.4 (2018.1.4). It is, therefore, affected by an unspecified remote code execution vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id109864
    published2018-05-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109864
    titleAdobe Photoshop CC 18.x < 18.1.4 / 19.x < 19.1.4 Remote Code Execution Vulnerability (APSB18-17)

The Hacker News

idTHN:86F66C6C30C7EF893A4E3EBEFE5062A1
last seen2018-05-14
modified2018-05-14
published2018-05-14
reporterMohit Kumar
sourcehttps://thehackernews.com/2018/05/adobe-security-patch-update.html
titleAdobe Releases Critical Security Updates for Acrobat, Reader and Photoshop CC

References