Sign-up

ID

VAR-201506-0077


CVE

CVE-2015-3111


TITLE

Adobe Photoshop CC and Adobe Bridge CC Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-003255

DESCRIPTION

Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts likely result in denial-of-service conditions. Adobe PS CC is a set of the latest image processing and drawing software. Adobe Bridge CC is the control center of Adobe Creative Suite (a product suite integrating graphic design, video editing, web design and other applications)

Trust: 2.07

sources: NVD: CVE-2015-3111 // JVNDB: JVNDB-2015-003255 // BID: 75240 // VULHUB: VHN-81072 // VULMON: CVE-2015-3111

AFFECTED PRODUCTS

vendor:adobemodel:photoshop ccscope:lteversion:15.2.2

Trust: 1.0

vendor:adobemodel:bridgescope:lteversion:6.1

Trust: 1.0

vendor:adobemodel:bridge ccscope:ltversion:6.1.1 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:ltversion:16.0 (2015.0.0) (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:eqversion:15.2.2

Trust: 0.6

vendor:adobemodel:bridgescope:eqversion:6.1

Trust: 0.6

vendor:adobemodel:photoshop ccscope:eqversion:2014(15.2.2)(2014.2.2)

Trust: 0.3

vendor:adobemodel:photoshop ccscope:neversion:201516.0(2015.0.0)

Trust: 0.3

sources: BID: 75240 // JVNDB: JVNDB-2015-003255 // CNNVD: CNNVD-201506-456 // NVD: CVE-2015-3111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3111
value: HIGH

Trust: 1.0

NVD: CVE-2015-3111
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201506-456
value: CRITICAL

Trust: 0.6

VULHUB: VHN-81072
value: HIGH

Trust: 0.1

VULMON: CVE-2015-3111
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-3111
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81072
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81072 // VULMON: CVE-2015-3111 // JVNDB: JVNDB-2015-003255 // CNNVD: CNNVD-201506-456 // NVD: CVE-2015-3111

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-81072 // JVNDB: JVNDB-2015-003255 // NVD: CVE-2015-3111

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-456

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201506-456

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003255

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-81072 // 
            
            
            
            VULMON: CVE-2015-3111

PATCH
title:APSB15-12url:http://helpx.adobe.com/security/products/photoshop/apsb15-12.html
Trust: 0.8
title:APSB15-13url:http://helpx.adobe.com/security/products/bridge/apsb15-13.html
Trust: 0.8
title:APSB15-12url:http://helpx.adobe.com/jp/security/products/photoshop/apsb15-12.html
Trust: 0.8
title:APSB15-13url:http://helpx.adobe.com/jp/security/products/bridge/apsb15-13.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003255

EXTERNAL IDS
db:NVDid:CVE-2015-3111
Trust: 2.9
db:BIDid:75240
Trust: 2.1
db:SECTRACKid:1032659
Trust: 1.2
db:SECTRACKid:1032658
Trust: 1.2
db:JVNDBid:JVNDB-2015-003255
Trust: 0.8
db:CNNVDid:CNNVD-201506-456
Trust: 0.7
db:EXPLOIT-DBid:37348
Trust: 0.2
db:VULHUBid:VHN-81072
Trust: 0.1
db:VULMONid:CVE-2015-3111
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81072 // 
            
            
            
            VULMON: CVE-2015-3111 // 
            
            
            
            BID: 75240 // 
            
            
            
            JVNDB: JVNDB-2015-003255 // 
            
            
            
            CNNVD: CNNVD-201506-456 // 
            
            
            
            NVD: CVE-2015-3111

REFERENCES
url:https://helpx.adobe.com/security/products/photoshop/apsb15-12.html
Trust: 2.1
url:http://www.securityfocus.com/bid/75240
Trust: 1.9
url:https://helpx.adobe.com/security/products/bridge/apsb15-13.html
Trust: 1.8
url:http://www.securitytracker.com/id/1032658
Trust: 1.2
url:http://www.securitytracker.com/id/1032659
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3111
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3111
Trust: 0.8
url:http://www.adobe.com
Trust: 0.3
url:http://www.adobe.com/in/products/photoshop/features.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/37348/
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39434
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81072 // 
            
            
            
            VULMON: CVE-2015-3111 // 
            
            
            
            BID: 75240 // 
            
            
            
            JVNDB: JVNDB-2015-003255 // 
            
            
            
            CNNVD: CNNVD-201506-456 // 
            
            
            
            NVD: CVE-2015-3111

CREDITS
Francis Provencher of Protek Research Labs
Trust: 0.9
sources:
            
            
            BID: 75240 // 
            
            
            
            CNNVD: CNNVD-201506-456

SOURCES
db:VULHUBid:VHN-81072
db:VULMONid:CVE-2015-3111
db:BIDid:75240
db:JVNDBid:JVNDB-2015-003255
db:CNNVDid:CNNVD-201506-456
db:NVDid:CVE-2015-3111

LAST UPDATE DATE
2024-08-14T13:34:01.044000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81072date:2016-12-28T00:00:00
db:VULMONid:CVE-2015-3111date:2016-12-28T00:00:00
db:BIDid:75240date:2015-06-16T00:00:00
db:JVNDBid:JVNDB-2015-003255date:2015-06-25T00:00:00
db:CNNVDid:CNNVD-201506-456date:2015-06-25T00:00:00
db:NVDid:CVE-2015-3111date:2016-12-28T02:59:10.793

SOURCES RELEASE DATE
db:VULHUBid:VHN-81072date:2015-06-24T00:00:00
db:VULMONid:CVE-2015-3111date:2015-06-24T00:00:00
db:BIDid:75240date:2015-06-16T00:00:00
db:JVNDBid:JVNDB-2015-003255date:2015-06-25T00:00:00
db:CNNVDid:CNNVD-201506-456date:2015-06-24T00:00:00
db:NVDid:CVE-2015-3111date:2015-06-24T10:59:04.027