Sign-up

ID

VAR-201602-0314


CVE

CVE-2016-0951


TITLE

Adobe Photoshop CC and Bridge CC Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-001444

DESCRIPTION

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0952 and CVE-2016-0953. Adobe PS CC is a set of the latest image processing and drawing software. Adobe Bridge CC is the control center of Adobe Creative Suite (a product suite integrating graphic design, video editing, web design and other applications)

Trust: 1.8

sources: NVD: CVE-2016-0951 // JVNDB: JVNDB-2016-001444 // VULHUB: VHN-88461 // VULMON: CVE-2016-0951

AFFECTED PRODUCTS

vendor:adobemodel:bridge ccscope:lteversion:6.1

Trust: 1.0

vendor:adobemodel:photoshop ccscope:lteversion:16.1.1

Trust: 1.0

vendor:adobemodel:bridge ccscope:ltversion:6.2 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:ltversion:2014 15.2.4 (2014.2.4) (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:ltversion:2015 16.1.2 (2015.1.2) (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:eqversion:16.1.1

Trust: 0.6

vendor:adobemodel:bridge ccscope:eqversion:6.1

Trust: 0.6

sources: JVNDB: JVNDB-2016-001444 // CNNVD: CNNVD-201602-215 // NVD: CVE-2016-0951

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0951
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-0951
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201602-215
value: CRITICAL

Trust: 0.6

VULHUB: VHN-88461
value: HIGH

Trust: 0.1

VULMON: CVE-2016-0951
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0951
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-88461
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0951
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-88461 // VULMON: CVE-2016-0951 // JVNDB: JVNDB-2016-001444 // CNNVD: CNNVD-201602-215 // NVD: CVE-2016-0951

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-88461 // JVNDB: JVNDB-2016-001444 // NVD: CVE-2016-0951

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-215

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201602-215

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001444

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-88461 // 
            
            
            
            VULMON: CVE-2016-0951

PATCH
title:APSB16-03url:http://helpx.adobe.com/security/products/photoshop/apsb16-03.html
Trust: 0.8
title:APSB16-03url:http://helpx.adobe.com/jp/security/products/photoshop/apsb16-03.html
Trust: 0.8
title:Adobe Photoshop CC  and Bridge CC Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60157
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-001444 // 
            
            
            
            CNNVD: CNNVD-201602-215

EXTERNAL IDS
db:NVDid:CVE-2016-0951
Trust: 2.7
db:SECTRACKid:1034979
Trust: 1.2
db:EXPLOIT-DBid:39429
Trust: 1.2
db:JVNDBid:JVNDB-2016-001444
Trust: 0.8
db:CNNVDid:CNNVD-201602-215
Trust: 0.7
db:PACKETSTORMid:135736
Trust: 0.2
db:VULHUBid:VHN-88461
Trust: 0.1
db:BIDid:83114
Trust: 0.1
db:VULMONid:CVE-2016-0951
Trust: 0.1
sources:
            
            
            VULHUB: VHN-88461 // 
            
            
            
            VULMON: CVE-2016-0951 // 
            
            
            
            JVNDB: JVNDB-2016-001444 // 
            
            
            
            PACKETSTORM: 135736 // 
            
            
            
            CNNVD: CNNVD-201602-215 // 
            
            
            
            NVD: CVE-2016-0951

REFERENCES
url:https://helpx.adobe.com/security/products/photoshop/apsb16-03.html
Trust: 1.8
url:https://www.exploit-db.com/exploits/39429/
Trust: 1.3
url:http://www.securitytracker.com/id/1034979
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0951
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0951
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/83114
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-0951
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-0953
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-0952
Trust: 0.1
sources:
            
            
            VULHUB: VHN-88461 // 
            
            
            
            VULMON: CVE-2016-0951 // 
            
            
            
            JVNDB: JVNDB-2016-001444 // 
            
            
            
            PACKETSTORM: 135736 // 
            
            
            
            CNNVD: CNNVD-201602-215 // 
            
            
            
            NVD: CVE-2016-0951

CREDITS
Francis Provencher
Trust: 0.1
sources:
            
            
            PACKETSTORM: 135736

SOURCES
db:VULHUBid:VHN-88461
db:VULMONid:CVE-2016-0951
db:JVNDBid:JVNDB-2016-001444
db:PACKETSTORMid:135736
db:CNNVDid:CNNVD-201602-215
db:NVDid:CVE-2016-0951

LAST UPDATE DATE
2024-11-23T22:27:03.016000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-88461date:2017-09-10T00:00:00
db:VULMONid:CVE-2016-0951date:2017-09-10T00:00:00
db:JVNDBid:JVNDB-2016-001444date:2016-02-19T00:00:00
db:CNNVDid:CNNVD-201602-215date:2016-02-15T00:00:00
db:NVDid:CVE-2016-0951date:2024-11-21T02:42:42.123

SOURCES RELEASE DATE
db:VULHUBid:VHN-88461date:2016-02-10T00:00:00
db:VULMONid:CVE-2016-0951date:2016-02-10T00:00:00
db:JVNDBid:JVNDB-2016-001444date:2016-02-19T00:00:00
db:PACKETSTORMid:135736date:2016-02-12T01:33:15
db:CNNVDid:CNNVD-201602-215date:2016-02-15T00:00:00
db:NVDid:CVE-2016-0951date:2016-02-10T20:59:04.607