Sign-up

ID

VAR-201506-0078


CVE

CVE-2015-3112


TITLE

Adobe Photoshop CC and Adobe Bridge CC Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-003256

DESCRIPTION

Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Adobe PS CC is a set of the latest image processing and drawing software. Adobe Bridge CC is the control center of Adobe Creative Suite (a product suite integrating graphic design, video editing, web design and other applications)

Trust: 2.07

sources: NVD: CVE-2015-3112 // JVNDB: JVNDB-2015-003256 // BID: 75245 // VULHUB: VHN-81073 // VULMON: CVE-2015-3112

AFFECTED PRODUCTS

vendor:adobemodel:photoshop ccscope:lteversion:15.2.2

Trust: 1.0

vendor:adobemodel:bridgescope:lteversion:6.1

Trust: 1.0

vendor:adobemodel:bridge ccscope:ltversion:6.1.1 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:ltversion:16.0 (2015.0.0) (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:eqversion:15.2.2

Trust: 0.6

vendor:adobemodel:bridgescope:eqversion:6.1

Trust: 0.6

vendor:adobemodel:photoshop ccscope:eqversion:2014(15.2.2)(2014.2.2)

Trust: 0.3

vendor:adobemodel:bridge ccscope:eqversion:6.1

Trust: 0.3

vendor:adobemodel:photoshop ccscope:neversion:201516.0(2015.0.0)

Trust: 0.3

vendor:adobemodel:bridge ccscope:neversion:6.1.1

Trust: 0.3

sources: BID: 75245 // JVNDB: JVNDB-2015-003256 // CNNVD: CNNVD-201506-445 // NVD: CVE-2015-3112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3112
value: HIGH

Trust: 1.0

NVD: CVE-2015-3112
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201506-445
value: CRITICAL

Trust: 0.6

VULHUB: VHN-81073
value: HIGH

Trust: 0.1

VULMON: CVE-2015-3112
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-3112
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81073
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81073 // VULMON: CVE-2015-3112 // JVNDB: JVNDB-2015-003256 // CNNVD: CNNVD-201506-445 // NVD: CVE-2015-3112

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-81073 // JVNDB: JVNDB-2015-003256 // NVD: CVE-2015-3112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-445

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201506-445

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003256

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-81073 // 
            
            
            
            VULMON: CVE-2015-3112

PATCH
title:APSB15-12url:http://helpx.adobe.com/security/products/photoshop/apsb15-12.html
Trust: 0.8
title:APSB15-13url:http://helpx.adobe.com/security/products/bridge/apsb15-13.html
Trust: 0.8
title:APSB15-12url:http://helpx.adobe.com/jp/security/products/photoshop/apsb15-12.html
Trust: 0.8
title:APSB15-13url:http://helpx.adobe.com/jp/security/products/bridge/apsb15-13.html
Trust: 0.8
title:Photoshop_16_LS20_win32url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56486
Trust: 0.6
title:Bridge_6_LS20url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56489
Trust: 0.6
title:Bridge_6_LS20_win32url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56488
Trust: 0.6
title:Photoshop_16_LS20url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56487
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-003256 // 
            
            
            
            CNNVD: CNNVD-201506-445

EXTERNAL IDS
db:NVDid:CVE-2015-3112
Trust: 2.9
db:BIDid:75245
Trust: 2.1
db:SECTRACKid:1032659
Trust: 1.2
db:SECTRACKid:1032658
Trust: 1.2
db:JVNDBid:JVNDB-2015-003256
Trust: 0.8
db:CNNVDid:CNNVD-201506-445
Trust: 0.7
db:EXPLOIT-DBid:37348
Trust: 0.2
db:VULHUBid:VHN-81073
Trust: 0.1
db:VULMONid:CVE-2015-3112
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81073 // 
            
            
            
            VULMON: CVE-2015-3112 // 
            
            
            
            BID: 75245 // 
            
            
            
            JVNDB: JVNDB-2015-003256 // 
            
            
            
            CNNVD: CNNVD-201506-445 // 
            
            
            
            NVD: CVE-2015-3112

REFERENCES
url:https://helpx.adobe.com/security/products/bridge/apsb15-13.html
Trust: 2.1
url:https://helpx.adobe.com/security/products/photoshop/apsb15-12.html
Trust: 2.1
url:http://www.securityfocus.com/bid/75245
Trust: 1.9
url:http://www.securitytracker.com/id/1032658
Trust: 1.2
url:http://www.securitytracker.com/id/1032659
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3112
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3112
Trust: 0.8
url:https://creative.adobe.com/products/bridge
Trust: 0.3
url:http://www.adobe.com
Trust: 0.3
url:http://www.adobe.com/in/products/photoshop/features.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/37348/
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39434
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81073 // 
            
            
            
            VULMON: CVE-2015-3112 // 
            
            
            
            BID: 75245 // 
            
            
            
            JVNDB: JVNDB-2015-003256 // 
            
            
            
            CNNVD: CNNVD-201506-445 // 
            
            
            
            NVD: CVE-2015-3112

CREDITS
Francis Provencher of Protek Research Labs
Trust: 0.9
sources:
            
            
            BID: 75245 // 
            
            
            
            CNNVD: CNNVD-201506-445

SOURCES
db:VULHUBid:VHN-81073
db:VULMONid:CVE-2015-3112
db:BIDid:75245
db:JVNDBid:JVNDB-2015-003256
db:CNNVDid:CNNVD-201506-445
db:NVDid:CVE-2015-3112

LAST UPDATE DATE
2024-08-14T13:34:01.116000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81073date:2016-12-28T00:00:00
db:VULMONid:CVE-2015-3112date:2016-12-28T00:00:00
db:BIDid:75245date:2015-06-17T00:00:00
db:JVNDBid:JVNDB-2015-003256date:2015-06-25T00:00:00
db:CNNVDid:CNNVD-201506-445date:2015-06-25T00:00:00
db:NVDid:CVE-2015-3112date:2016-12-28T02:59:10.857

SOURCES RELEASE DATE
db:VULHUBid:VHN-81073date:2015-06-24T00:00:00
db:VULMONid:CVE-2015-3112date:2015-06-24T00:00:00
db:BIDid:75245date:2015-06-17T00:00:00
db:JVNDBid:JVNDB-2015-003256date:2015-06-25T00:00:00
db:CNNVDid:CNNVD-201506-445date:2015-06-24T00:00:00
db:NVDid:CVE-2015-3112date:2015-06-24T10:59:04.993