Sign-up

ID

VAR-201506-0076


CVE

CVE-2015-3110


TITLE

Adobe Photoshop CC and Adobe Bridge CC Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-003254

DESCRIPTION

Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed attempts will likely cause a denial-of-service condition. Adobe PS CC is a set of the latest image processing and drawing software. Adobe Bridge CC is the control center of Adobe Creative Suite (a product suite integrating graphic design, video editing, web design and other applications)

Trust: 2.07

sources: NVD: CVE-2015-3110 // JVNDB: JVNDB-2015-003254 // BID: 75243 // VULHUB: VHN-81071 // VULMON: CVE-2015-3110

AFFECTED PRODUCTS

vendor:adobemodel:photoshop ccscope:lteversion:15.2.2

Trust: 1.0

vendor:adobemodel:bridgescope:lteversion:6.1

Trust: 1.0

vendor:adobemodel:bridge ccscope:ltversion:6.1.1 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:ltversion:16.0 (2015.0.0) (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:eqversion:15.2.2

Trust: 0.6

vendor:adobemodel:bridgescope:eqversion:6.1

Trust: 0.6

vendor:adobemodel:photoshop ccscope:eqversion:2014(15.2.2)(2014.2.2)

Trust: 0.3

vendor:adobemodel:bridge ccscope:eqversion:6.1

Trust: 0.3

vendor:adobemodel:photoshop ccscope:neversion:201516.0(2015.0.0)

Trust: 0.3

vendor:adobemodel:bridge ccscope:neversion:6.1.1

Trust: 0.3

sources: BID: 75243 // JVNDB: JVNDB-2015-003254 // CNNVD: CNNVD-201506-454 // NVD: CVE-2015-3110

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3110
value: HIGH

Trust: 1.0

NVD: CVE-2015-3110
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201506-454
value: CRITICAL

Trust: 0.6

VULHUB: VHN-81071
value: HIGH

Trust: 0.1

VULMON: CVE-2015-3110
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-3110
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81071
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81071 // VULMON: CVE-2015-3110 // JVNDB: JVNDB-2015-003254 // CNNVD: CNNVD-201506-454 // NVD: CVE-2015-3110

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-81071 // JVNDB: JVNDB-2015-003254 // NVD: CVE-2015-3110

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-454

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201506-454

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003254

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-81071 // 
            
            
            
            VULMON: CVE-2015-3110

PATCH
title:APSB15-12url:http://helpx.adobe.com/security/products/photoshop/apsb15-12.html
Trust: 0.8
title:APSB15-13url:http://helpx.adobe.com/security/products/bridge/apsb15-13.html
Trust: 0.8
title:APSB15-12url:http://helpx.adobe.com/jp/security/products/photoshop/apsb15-12.html
Trust: 0.8
title:APSB15-13url:http://helpx.adobe.com/jp/security/products/bridge/apsb15-13.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003254

EXTERNAL IDS
db:NVDid:CVE-2015-3110
Trust: 2.9
db:BIDid:75243
Trust: 2.1
db:SECTRACKid:1032659
Trust: 1.2
db:SECTRACKid:1032658
Trust: 1.2
db:JVNDBid:JVNDB-2015-003254
Trust: 0.8
db:CNNVDid:CNNVD-201506-454
Trust: 0.7
db:EXPLOIT-DBid:37347
Trust: 0.2
db:VULHUBid:VHN-81071
Trust: 0.1
db:VULMONid:CVE-2015-3110
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81071 // 
            
            
            
            VULMON: CVE-2015-3110 // 
            
            
            
            BID: 75243 // 
            
            
            
            JVNDB: JVNDB-2015-003254 // 
            
            
            
            CNNVD: CNNVD-201506-454 // 
            
            
            
            NVD: CVE-2015-3110

REFERENCES
url:https://helpx.adobe.com/security/products/bridge/apsb15-13.html
Trust: 2.1
url:https://helpx.adobe.com/security/products/photoshop/apsb15-12.html
Trust: 2.1
url:http://www.securityfocus.com/bid/75243
Trust: 1.9
url:http://www.securitytracker.com/id/1032658
Trust: 1.2
url:http://www.securitytracker.com/id/1032659
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3110
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3110
Trust: 0.8
url:https://creative.adobe.com/products/bridge
Trust: 0.3
url:http://www.adobe.com/in/products/photoshop/features.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/189.html
Trust: 0.1
url:https://www.exploit-db.com/exploits/37347/
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39434
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81071 // 
            
            
            
            VULMON: CVE-2015-3110 // 
            
            
            
            BID: 75243 // 
            
            
            
            JVNDB: JVNDB-2015-003254 // 
            
            
            
            CNNVD: CNNVD-201506-454 // 
            
            
            
            NVD: CVE-2015-3110

CREDITS
Francis Provencher of Protek Research Labs
Trust: 0.9
sources:
            
            
            BID: 75243 // 
            
            
            
            CNNVD: CNNVD-201506-454

SOURCES
db:VULHUBid:VHN-81071
db:VULMONid:CVE-2015-3110
db:BIDid:75243
db:JVNDBid:JVNDB-2015-003254
db:CNNVDid:CNNVD-201506-454
db:NVDid:CVE-2015-3110

LAST UPDATE DATE
2024-08-14T13:34:01.153000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81071date:2016-12-28T00:00:00
db:VULMONid:CVE-2015-3110date:2016-12-28T00:00:00
db:BIDid:75243date:2015-06-16T00:00:00
db:JVNDBid:JVNDB-2015-003254date:2015-06-25T00:00:00
db:CNNVDid:CNNVD-201506-454date:2015-06-25T00:00:00
db:NVDid:CVE-2015-3110date:2016-12-28T02:59:10.730

SOURCES RELEASE DATE
db:VULHUBid:VHN-81071date:2015-06-24T00:00:00
db:VULMONid:CVE-2015-3110date:2015-06-24T00:00:00
db:BIDid:75243date:2015-06-16T00:00:00
db:JVNDBid:JVNDB-2015-003254date:2015-06-25T00:00:00
db:CNNVDid:CNNVD-201506-454date:2015-06-24T00:00:00
db:NVDid:CVE-2015-3110date:2015-06-24T10:59:03.027