SecurityTracker.com
Category:   Application (Generic)  >   Adobe Photoshop
Vendors:   Adobe Systems Incorporated
Adobe Photoshop Remote COM Scripting Objects Let Remote Users Deny Service
SecurityTracker Alert ID:  1009675
SecurityTracker URL:  http://securitytracker.com/id/1009675
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 6 2004
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 8.0 (CS)
Description:   Rafel Ivgi (The-Insider) reported a vulnerability in Adobe Photoshop. A remote user can cause denial of service conditions on the target system.

It is reported that a remote user can create HTML containing references to Adobe Photoshop COM objects. When the HTML is loaded from a remote location, the code will cause the target user's Internet Explorer browser to crash. Affected objects include 'Photoshop.Application.8' and 'Photoshop.PhotoCDOpenOptions.8', the report said.

A demonstration exploit script is provided:

<script language=vbscript>
Dim cooler
Set cooler = CreateObject("Photoshop.Application.8" )
</script>

Impact:   A remote user can create HTML that, when loaded, will cause the target user's Internet Explorer browser to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.adobe.com/
Cause:   Exception handling error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Adobe Photoshop 8.0 (CS) - Local Path Disclosure and causing I.E


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application:     Adobe Photoshop
Vendors:          http://www.adobe.com
Version:           8.0 (CS)
Platforms:        Windows
Bug:                 Local Path Disclosure and D.O.S
Risk:                 Medium - Denial Of Service
Exploitation:    Remote with browser
Date:                1 Apr 2004
Author:             Rafel Ivgi, The-Insider
e-mail:              the_insider@mail.com
web:                 http://theinsider.deep-ice.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1) Introduction
2) Bugs
3) The Code

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===============
1) Introduction
===============

Adobe Photoshop is one of the world's best graphic editors.
It has a great set of tools, layer combinations, brushes, amazing software.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

======
2) Bug
======

Adobe Photoshop registers a lot of COM objects (such as
"Photoshop.Application.8" and "Photoshop.PhotoCDOpenOptions.8"). These
objects are marked as "safe" for scripting. Therefore they can be created
remotely (which is the root of the problem - they should not!).

Unfortunately, Adobe did not design their object correctly, because upon
any remote creation of a Photoshop Object a message pops up saying Adobe
Photoshop security caught "potential tampering with photoshop", however it
also reveals the local path in which Photoshop was installed and the
Internet Explorer window stops responding (D.O.S).

For Example:
<script language=vbscript>
Dim cooler
Set cooler = CreateObject("Photoshop.Application.8" )
</script>

Will show where photoshop is installed and that
Internet Explorer window stops responding(D.O.S).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===========
3) The Code
===========

This is Proof Of Concept Code:
------------------- CUT HERE -------------------
<script language=vbscript>
Dim cooler
Set cooler = CreateObject("Photoshop.Application.8" )
</script>
------------------- CUT HERE -------------------


Or


------------------- CUT HERE -------------------
<script language=vbscript>
dim cooler
Set cooler = CreateObject("Photoshop.PhotoCDOpenOptions.8" )
</script>
------------------- CUT HERE -------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com

"Only the one who sees the invisible , Can do the Impossible."
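
The report attributes the problem to these objects being marked safe for scripting. The following read-only audit is an added example, not part of the advisory or the original message: it resolves each ProgID named above to its CLSID and reports whether the safe-for-scripting and safe-for-initialization component categories are registered and whether an Internet Explorer kill bit is set. The function names `Test-AnyKey` and `Get-ComScriptingExposure` are hypothetical helpers defined here.

```powershell
# Added example (not from the advisory): report how the ProgIDs it names are
# exposed to Internet Explorer scripting on the local machine. Read-only.
$ProgIds = 'Photoshop.Application.8', 'Photoshop.PhotoCDOpenOptions.8'

# Standard COM component-category IDs and the IE "kill bit" compatibility flag.
$CatSafeScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
$CatSafeInit      = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'
$KillBit          = 0x400

# Native and 32-bit (WOW6432Node) registry views; a 32-bit application on
# 64-bit Windows registers its classes under the second one.
$ClassRoots  = 'Registry::HKEY_CLASSES_ROOT\CLSID',
               'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
$CompatRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'

# True if the sub-key exists under any of the given registry roots.
function Test-AnyKey([string[]]$Roots, [string]$SubPath) {
    foreach ($root in $Roots) {
        if (Test-Path -LiteralPath "$root\$SubPath") { return $true }
    }
    return $false
}

function Get-ComScriptingExposure([string[]]$ProgId) {
    foreach ($id in $ProgId) {
        # Clsid stays $null when the ProgID is not registered in this view.
        $row = [ordered]@{ ProgId = $id; Clsid = $null; SafeForScripting = $null
                           SafeForInit = $null; KillBitSet = $null }
        $key = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$id\CLSID" -ErrorAction SilentlyContinue
        if ($key) {
            $clsid = [string]$key.GetValue('')   # default value holds the CLSID
            $row.Clsid            = $clsid
            $row.SafeForScripting = Test-AnyKey $ClassRoots "$clsid\Implemented Categories\$CatSafeScripting"
            $row.SafeForInit      = Test-AnyKey $ClassRoots "$clsid\Implemented Categories\$CatSafeInit"
            $row.KillBitSet       = $false
            foreach ($root in $CompatRoots) {
                $flags = (Get-ItemProperty -LiteralPath "$root\$clsid" -ErrorAction SilentlyContinue).'Compatibility Flags'
                if ($flags -band $KillBit) { $row.KillBitSet = $true }
            }
        }
        [pscustomobject]$row
    }
}

Get-ComScriptingExposure $ProgIds | Format-Table -AutoSize
```

A control can also declare itself safe at run time through the IObjectSafety interface, which the registry does not show, so a False in SafeForScripting does not by itself prove the object cannot be scripted from a web page.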



 
 



Copyright 2019, SecurityGlobal.net LLC