Sign-up

ID

VAR-201602-0315


CVE

CVE-2016-0952


TITLE

Adobe Photoshop CC and Bridge CC Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-001445

DESCRIPTION

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0953. Adobe PS CC is a set of the latest image processing and drawing software. Adobe Bridge CC is the control center of Adobe Creative Suite (a product suite integrating graphic design, video editing, web design and other applications)

Trust: 1.8

sources: NVD: CVE-2016-0952 // JVNDB: JVNDB-2016-001445 // VULHUB: VHN-88462 // VULMON: CVE-2016-0952

AFFECTED PRODUCTS

vendor:adobemodel:bridge ccscope:lteversion:6.1

Trust: 1.0

vendor:adobemodel:photoshop ccscope:lteversion:16.1.1

Trust: 1.0

vendor:adobemodel:bridge ccscope:ltversion:6.2 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:ltversion:2014 15.2.4 (2014.2.4) (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:ltversion:2015 16.1.2 (2015.1.2) (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:eqversion:16.1.1

Trust: 0.6

vendor:adobemodel:bridge ccscope:eqversion:6.1

Trust: 0.6

sources: JVNDB: JVNDB-2016-001445 // CNNVD: CNNVD-201602-216 // NVD: CVE-2016-0952

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0952
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-0952
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201602-216
value: CRITICAL

Trust: 0.6

VULHUB: VHN-88462
value: HIGH

Trust: 0.1

VULMON: CVE-2016-0952
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0952
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-88462
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0952
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-88462 // VULMON: CVE-2016-0952 // JVNDB: JVNDB-2016-001445 // CNNVD: CNNVD-201602-216 // NVD: CVE-2016-0952

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-88462 // JVNDB: JVNDB-2016-001445 // NVD: CVE-2016-0952

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-216

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201602-216

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001445

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-88462 // 
            
            
            
            VULMON: CVE-2016-0952

PATCH
title:APSB16-03url:http://helpx.adobe.com/security/products/photoshop/apsb16-03.html
Trust: 0.8
title:APSB16-03url:http://helpx.adobe.com/jp/security/products/photoshop/apsb16-03.html
Trust: 0.8
title:Adobe Photoshop CC  and Bridge CC Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60158
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-001445 // 
            
            
            
            CNNVD: CNNVD-201602-216

EXTERNAL IDS
db:NVDid:CVE-2016-0952
Trust: 2.7
db:EXPLOIT-DBid:39430
Trust: 1.2
db:SECTRACKid:1034979
Trust: 1.2
db:JVNDBid:JVNDB-2016-001445
Trust: 0.8
db:CNNVDid:CNNVD-201602-216
Trust: 0.7
db:VULHUBid:VHN-88462
Trust: 0.1
db:BIDid:83114
Trust: 0.1
db:VULMONid:CVE-2016-0952
Trust: 0.1
db:PACKETSTORMid:135736
Trust: 0.1
sources:
            
            
            VULHUB: VHN-88462 // 
            
            
            
            VULMON: CVE-2016-0952 // 
            
            
            
            JVNDB: JVNDB-2016-001445 // 
            
            
            
            PACKETSTORM: 135736 // 
            
            
            
            CNNVD: CNNVD-201602-216 // 
            
            
            
            NVD: CVE-2016-0952

REFERENCES
url:https://helpx.adobe.com/security/products/photoshop/apsb16-03.html
Trust: 1.8
url:https://www.exploit-db.com/exploits/39430/
Trust: 1.3
url:http://www.securitytracker.com/id/1034979
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0952
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0952
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/83114
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-0951
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-0953
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-0952
Trust: 0.1
sources:
            
            
            VULHUB: VHN-88462 // 
            
            
            
            VULMON: CVE-2016-0952 // 
            
            
            
            JVNDB: JVNDB-2016-001445 // 
            
            
            
            PACKETSTORM: 135736 // 
            
            
            
            CNNVD: CNNVD-201602-216 // 
            
            
            
            NVD: CVE-2016-0952

CREDITS
Francis Provencher
Trust: 0.1
sources:
            
            
            PACKETSTORM: 135736

SOURCES
db:VULHUBid:VHN-88462
db:VULMONid:CVE-2016-0952
db:JVNDBid:JVNDB-2016-001445
db:PACKETSTORMid:135736
db:CNNVDid:CNNVD-201602-216
db:NVDid:CVE-2016-0952

LAST UPDATE DATE
2024-11-23T22:27:02.950000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-88462date:2017-09-10T00:00:00
db:VULMONid:CVE-2016-0952date:2017-09-10T00:00:00
db:JVNDBid:JVNDB-2016-001445date:2016-02-19T00:00:00
db:CNNVDid:CNNVD-201602-216date:2016-02-15T00:00:00
db:NVDid:CVE-2016-0952date:2024-11-21T02:42:42.247

SOURCES RELEASE DATE
db:VULHUBid:VHN-88462date:2016-02-10T00:00:00
db:VULMONid:CVE-2016-0952date:2016-02-10T00:00:00
db:JVNDBid:JVNDB-2016-001445date:2016-02-19T00:00:00
db:PACKETSTORMid:135736date:2016-02-12T01:33:15
db:CNNVDid:CNNVD-201602-216date:2016-02-15T00:00:00
db:NVDid:CVE-2016-0952date:2016-02-10T20:59:05.577