CVE-2015-3112
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@adobe.com — https://helpx.adobe.com/security/products/photoshop/apsb15-12.html
Vendor advisory: psirt@adobe.com — https://helpx.adobe.com/security/products/bridge/apsb15-13.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| macos | not-affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| adobe | bridge | {"endIncluding":"6.1"} | |
| adobe | photoshop_cc | {"endIncluding":"15.2.2"} | |
References
- http://www.securityfocus.com/bid/75245
- http://www.securitytracker.com/id/1032658
- http://www.securitytracker.com/id/1032659
- https://helpx.adobe.com/security/products/bridge/apsb15-13.html
- https://helpx.adobe.com/security/products/photoshop/apsb15-12.html
- http://www.securityfocus.com/bid/75245
- http://www.securitytracker.com/id/1032658
- http://www.securitytracker.com/id/1032659
- https://helpx.adobe.com/security/products/bridge/apsb15-13.html
- https://helpx.adobe.com/security/products/photoshop/apsb15-12.html
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.