| Vulnerability Name: | CVE-2007-2244 (CCN-33838) | ||||||||
| Assigned: | 2007-04-24 | ||||||||
| Published: | 2007-04-24 | ||||||||
| Updated: | 2017-10-11 | ||||||||
| Summary: | Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-119 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-2244 Source: OSVDB Type: UNKNOWN 38064 Source: OSVDB Type: UNKNOWN 38065 Source: OSVDB Type: UNKNOWN 38066 Source: CCN Type: SA25023 Adobe Photoshop BMP.8BI Bitmap File Handling Buffer Overflow Source: SECUNIA Type: Vendor Advisory 25023 Source: CCN Type: SA26846 Adobe Illustrator PNG/BMP File Processing Vulnerabilities Source: SECUNIA Type: Vendor Advisory 26846 Source: CCN Type: SA26864 Adobe GoLive PNG/BMP File Processing Vulnerabilities Source: SECUNIA Type: Vendor Advisory 26864 Source: CCN Type: SECTRACK ID: 1017962 Adobe Photoshop Buffer Overflow in Processing BMP/DIB/RLE Files Lets Remote Users Execute Arbitrary Code Source: CCN Type: SECTRACK ID: 1018792 Adobe Illustrator Input Validation Flaws in Processing BMP, DIB, RLE, or PNG Files Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1018792 Source: CCN Type: Adobe Web site Photoshop CS3 editions Source: CCN Type: Adobe Product Security Bulletin APSB07-13 Photoshop CS2 and CS3 updates to address security vulnerabilities Source: CONFIRM Type: UNKNOWN http://www.adobe.com/support/security/bulletins/apsb07-13.html Source: CCN Type: Adobe Product Security Bulletin APSB07-16 Illustrator CS3 update to address potential security vulnerabilities Source: CONFIRM Type: UNKNOWN http://www.adobe.com/support/security/bulletins/apsb07-16.html Source: CCN Type: Adobe Product Security Bulletin APSB07-17 GoLive 9 update to address potential security vulnerabilities Source: CONFIRM Type: UNKNOWN http://www.adobe.com/support/security/bulletins/apsb07-17.html Source: OSVDB Type: UNKNOWN 35370 Source: CCN Type: OSVDB ID: 35370 Adobe Photoshop Document Handling Overflow Source: CCN Type: OSVDB ID: 38064 Adobe Multiple Products BMP File Handling Arbitrary Code Execution Source: CCN Type: OSVDB ID: 38065 Adobe Multiple Products DIB File Handling Arbitrary Code Execution Source: CCN Type: OSVDB ID: 38066 Adobe Multiple Products RLE File Handling Arbitrary Code Execution Source: CCN Type: OSVDB ID: 44579 Adobe Multiple Products Crafted BMP File Handling Overflow Source: BID Type: Exploit 23621 Source: CCN Type: BID-23621 Adobe Photoshop Multiple File Format Buffer Overflow Vulnerability Source: SECTRACK Type: UNKNOWN 1017962 Source: VUPEN Type: Vendor Advisory ADV-2007-1523 Source: VUPEN Type: Vendor Advisory ADV-2007-3442 Source: VUPEN Type: Vendor Advisory ADV-2007-3443 Source: XF Type: UNKNOWN adobe-multiple-files-bo(33838) Source: XF Type: UNKNOWN adobe-multiple-files-bo(33838) Source: EXPLOIT-DB Type: UNKNOWN 3793 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||