Sign-up

ID

VAR-201602-0316


CVE

CVE-2016-0953


TITLE

Adobe Photoshop CC and Bridge CC Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-001446

DESCRIPTION

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0952. Adobe PS CC is a set of the latest image processing and drawing software. Adobe Bridge CC is the control center of Adobe Creative Suite (a product suite integrating graphic design, video editing, web design and other applications)

Trust: 1.8

sources: NVD: CVE-2016-0953 // JVNDB: JVNDB-2016-001446 // VULHUB: VHN-88463 // VULMON: CVE-2016-0953

AFFECTED PRODUCTS

vendor:adobemodel:bridge ccscope:lteversion:6.1

Trust: 1.0

vendor:adobemodel:photoshop ccscope:lteversion:16.1.1

Trust: 1.0

vendor:adobemodel:bridge ccscope:ltversion:6.2 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:ltversion:2014 15.2.4 (2014.2.4) (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:ltversion:2015 16.1.2 (2015.1.2) (windows/macintosh)

Trust: 0.8

vendor:adobemodel:photoshop ccscope:eqversion:16.1.1

Trust: 0.6

vendor:adobemodel:bridge ccscope:eqversion:6.1

Trust: 0.6

sources: JVNDB: JVNDB-2016-001446 // CNNVD: CNNVD-201602-217 // NVD: CVE-2016-0953

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0953
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-0953
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201602-217
value: CRITICAL

Trust: 0.6

VULHUB: VHN-88463
value: HIGH

Trust: 0.1

VULMON: CVE-2016-0953
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0953
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-88463
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0953
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-88463 // VULMON: CVE-2016-0953 // JVNDB: JVNDB-2016-001446 // CNNVD: CNNVD-201602-217 // NVD: CVE-2016-0953

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-88463 // JVNDB: JVNDB-2016-001446 // NVD: CVE-2016-0953

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-217

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201602-217

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001446

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-88463 // 
            
            
            
            VULMON: CVE-2016-0953

PATCH
title:APSB16-03url:http://helpx.adobe.com/security/products/photoshop/apsb16-03.html
Trust: 0.8
title:APSB16-03url:http://helpx.adobe.com/jp/security/products/photoshop/apsb16-03.html
Trust: 0.8
title:Adobe Photoshop CC  and Bridge CC Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60159
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-001446 // 
            
            
            
            CNNVD: CNNVD-201602-217

EXTERNAL IDS
db:NVDid:CVE-2016-0953
Trust: 2.7
db:SECTRACKid:1034979
Trust: 1.2
db:EXPLOIT-DBid:39431
Trust: 1.2
db:JVNDBid:JVNDB-2016-001446
Trust: 0.8
db:CNNVDid:CNNVD-201602-217
Trust: 0.7
db:VULHUBid:VHN-88463
Trust: 0.1
db:BIDid:83114
Trust: 0.1
db:VULMONid:CVE-2016-0953
Trust: 0.1
db:PACKETSTORMid:135736
Trust: 0.1
sources:
            
            
            VULHUB: VHN-88463 // 
            
            
            
            VULMON: CVE-2016-0953 // 
            
            
            
            JVNDB: JVNDB-2016-001446 // 
            
            
            
            PACKETSTORM: 135736 // 
            
            
            
            CNNVD: CNNVD-201602-217 // 
            
            
            
            NVD: CVE-2016-0953

REFERENCES
url:https://helpx.adobe.com/security/products/photoshop/apsb16-03.html
Trust: 1.8
url:https://www.exploit-db.com/exploits/39431/
Trust: 1.3
url:http://www.securitytracker.com/id/1034979
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0953
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0953
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/83114
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-0951
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-0953
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2016-0952
Trust: 0.1
sources:
            
            
            VULHUB: VHN-88463 // 
            
            
            
            VULMON: CVE-2016-0953 // 
            
            
            
            JVNDB: JVNDB-2016-001446 // 
            
            
            
            PACKETSTORM: 135736 // 
            
            
            
            CNNVD: CNNVD-201602-217 // 
            
            
            
            NVD: CVE-2016-0953

CREDITS
Francis Provencher
Trust: 0.1
sources:
            
            
            PACKETSTORM: 135736

SOURCES
db:VULHUBid:VHN-88463
db:VULMONid:CVE-2016-0953
db:JVNDBid:JVNDB-2016-001446
db:PACKETSTORMid:135736
db:CNNVDid:CNNVD-201602-217
db:NVDid:CVE-2016-0953

LAST UPDATE DATE
2024-11-23T22:27:02.983000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-88463date:2017-09-10T00:00:00
db:VULMONid:CVE-2016-0953date:2017-09-10T00:00:00
db:JVNDBid:JVNDB-2016-001446date:2016-02-19T00:00:00
db:CNNVDid:CNNVD-201602-217date:2016-02-15T00:00:00
db:NVDid:CVE-2016-0953date:2024-11-21T02:42:42.367

SOURCES RELEASE DATE
db:VULHUBid:VHN-88463date:2016-02-10T00:00:00
db:VULMONid:CVE-2016-0953date:2016-02-10T00:00:00
db:JVNDBid:JVNDB-2016-001446date:2016-02-19T00:00:00
db:PACKETSTORMid:135736date:2016-02-12T01:33:15
db:CNNVDid:CNNVD-201602-217date:2016-02-15T00:00:00
db:NVDid:CVE-2016-0953date:2016-02-10T20:59:06.687