{"id":16090,"date":"2019-08-16T11:40:02","date_gmt":"2019-08-16T19:40:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/08\/16\/news-9833\/"},"modified":"2019-08-16T11:40:02","modified_gmt":"2019-08-16T19:40:02","slug":"news-9833","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/08\/16\/news-9833\/","title":{"rendered":"FortiGuard Labs Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop"},"content":{"rendered":"
\n
\n

This past May I discovered and reported multiple critical zero-day vulnerabilities in Adobe Photoshop CC 2019 to the software developer, Adobe Inc. Last Tuesday (Aug 13, 2019), Adobe released several security patches<\/a> to fix those issues as part of their Patch Tuesday Initiative.<\/p>\n

These vulnerabilities are identified as CVE-2019-7990, CVE-2019-7991, CVE-2019-7992, CVE-2019-7993, CVE-2019-7997, CVE-2019-7998, CVE-2019-7999, CVE-2019-8000 and\u00a0CVE-2019-8001. All of these vulnerabilities have different root causes, though they are all related to Photoshop Plugins. Due to the critical rating of these vulnerabilities, we strongly recommend that users apply the recently released Adobe patches as soon as possible.<\/p>\n

Following are the basic details for each of these vulnerabilities:<\/h2>\n

CVE-2019-7990<\/b><\/a><\/b><\/h4>\n

This is a Memory Corruption Vulnerability that exists in the decoding of U3D (Universal 3D) files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed U3D file, which leads to an Out of Bounds Write memory access due to an improper bounds check. The specific vulnerability exists in the \u2018U3D\u2019 plugin.<\/p>\n

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended writes or frees, potentially leading to code corruption, control-flow hijack, or information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted U3D file.<\/p>\n

Solution<\/b><\/h4>\n

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7990<\/b> was previously released to protect our customers from this specific vulnerability.<\/p>\n

CVE-2019-7991<\/b><\/a><\/b><\/h4>\n

This is a Memory Corruption Vulnerability that exists in the decoding of U3D (Universal 3D) files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed U3D file, which leads to an Out of Bounds memory access due to an improper bounds check. The specific vulnerability exists in the \u2018U3D\u2019 plugin.<\/p>\n

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted U3D file.<\/p>\n

Solution<\/b><\/h4>\n

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7991<\/b> was previously released to protect our customers from this specific vulnerability.<\/p>\n

CVE-2019-7992<\/b><\/a><\/h4>\n

This is a Heap Overflow Vulnerability that exists in the Adobe Photoshop \u2018Standard_MultiPlugin\u2019 plugin. Specifically, the vulnerability is caused by a malformed TGA (Targa) file that contains crafted ColorIndex data within the Run-Length-Encoding Compressed Image file. It causes an Out of Bounds Write memory access due to an improper bounds check when manipulating a pointer to a heap allocated buffer.<\/p>\n

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application,via a crafted TGA file.<\/p>\n

Solution<\/b><\/h4>\n

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7992 <\/b>was previously released to protect our customers from this specific vulnerability.<\/p>\n

CVE-2019-7993<\/b><\/a><\/h4>\n

This is a Heap Overflow Vulnerability that exists in the decoding of PCT files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed PCT file, which leads to an Out of Bounds memory access due to an improper bounds check. The specific vulnerability exists in the \u2018MMXCore\u2019 plugin.<\/p>\n

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.<\/p>\n

Solution<\/b><\/h4>\n

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7993 <\/b>was previously released to protect our customers from this specific vulnerability..<\/p>\n

CVE-2019-7997<\/b><\/a><\/h4>\n

This is a Memory Corruption Vulnerability that exists in the decoding of EXR files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed EXR file, which leads to an Out of Bounds Write memory access due to an improper bounds check. The specific vulnerability exists in the \u2018Standard_MultiPlugin\u2019 plugin.<\/p>\n

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended writes or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted EXR file.<\/p>\n

Solution<\/b><\/h4>\n

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7997<\/b> was previously released to protect our customers from this specific vulnerability.<\/p>\n

CVE-2019-7998<\/b><\/a><\/h4>\n

This is a Memory Corruption Vulnerability that exists in the decoding of EXR files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed EXR file, which leads to an Out of Bounds Write memory access due to an improper bounds check. The specific vulnerability exists in the \u2018Standard_MultiPlugin\u2019 plugin.<\/p>\n

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended writes or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted EXR file.<\/p>\n

Solution<\/b><\/h4>\n

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7998<\/b> was previously released to protect our customers from this specific vulnerability.<\/p>\n

CVE-2019-7999<\/b><\/a><\/h4>\n

This is a Memory Corruption Vulnerability that exists in the decoding of EXR files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed EXR file, which leads to an Out of Bounds memory access due to an improper bounds check. The specific vulnerability exists in the \u2018Standard_MultiPlugin\u2019 plugin.<\/p>\n

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted EXR file.<\/p>\n

Solution<\/b><\/h4>\n

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-7999<\/b> was previously released to protect our customers from this specific vulnerability.<\/p>\n

CVE-2019-8000<\/b><\/a><\/h4>\n

This is a Memory Corruption Vulnerability that exists in the decoding of EXR files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed EXR file, which leads to an Out of Bounds memory access due to improper bounds check. The specific vulnerability exists in the \u2018Standard_MultiPlugin\u2019 plugin.<\/p>\n

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted EXR file.<\/p>\n

Solution<\/b><\/h4>\n

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-8000<\/b> was previously released to protect our customers from this specific vulnerability.<\/p>\n

CVE-2019-8001<\/b><\/a><\/b><\/h4>\n

This is a Memory Corruption Vulnerability that exists in the decoding of EXR files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed EXR file, which leads to an Out of Bounds Write memory access due to an improper bounds check. The specific vulnerability exists in the \u2018Standard_MultiPlugin\u2019 plugin.<\/p>\n

Attackers can exploit this vulnerability by leveraging the out of bounds access for unintended writes or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted EXR file.<\/p>\n

Solution<\/b><\/h4>\n

Fortinet IPS signature Adobe.Photoshop.Memory.Corruption.CVE-2019-8001<\/b> was previously released to protect our customers from this specific vulnerability.<\/p>\n

Learn more about\u00a0FortiGuard Labs<\/a>\u00a0and the FortiGuard Security Services\u00a0portfolio<\/a>.\u00a0Sign up<\/a>\u00a0for our weekly FortiGuard Threat Brief.\u00a0<\/i><\/p>\n

Read about the FortiGuard\u00a0Security Rating Service<\/a>, which provides security audits and best practices.<\/i><\/p>\n<\/p><\/div>\n

\n
\n
<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n

http:\/\/feeds.feedburner.com\/fortinet\/blog\/threat-research<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Learn more about the Adobe Photoshop zero-day vulnerabilities discovered by our FortiGuard Labs researchers, and the security patches to fix those as part of their Patch Tuesday Initiative.<img src=”http:\/\/feeds.feedburner.com\/~r\/fortinet\/blog\/threat-research\/~4\/kxvWdRIXO5I” height=”1″ width=”1″ alt=””\/><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10424,10378],"tags":[],"class_list":["post-16090","post","type-post","status-publish","format-standard","hentry","category-fortinet","category-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16090","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16090"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16090\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16090"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16090"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16090"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}