Friday, December 8, 2017

Vulnerability Spotlight: TALOS-2017-0393 / CVE-2017-2886 - ACDSee Ultimate 10 Remote Code Execution Vulnerability

Vulnerability discovered by Piotr Bania of Cisco Talos.

Overview


Talos has discovered a remote code execution vulnerability in the ACDSee Ultimate 10 application from ACD Systems International Inc. Exploiting this vulnerability can potentially allow an attacker to gain full control over the victim's machine. If an attacker builds a specially crafted .PSD (Photoshop) file and the victim opens it with the ACDSee Ultimate 10 application, the attacker's code could potentially be executed with the privileges of the local user.


Details


A memory corruption vulnerability exists in the .PSD parsing functionality of ACD Systems International Inc. ACDSee Ultimate 10. An attacker can build a specially crafted PSD file that uses this bug to trigger a memory corruption. A byte value is taken directly from the .PSD file and used later as a size argument to the C++ memmove function. An attacker can use this to overwrite large parts of memory to crash the application or potentially even execute arbitrary code by overwriting critical control flow structures. For additional information, please see the advisory here.
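The bug class described above, shown as an added example that is not ACDSee's code and not taken from the advisory: a length byte read from the file is passed straight to memmove, beside a bounded version that checks the claimed length against both the remaining input and the destination buffer. The one-byte-length-then-payload record layout is an assumption made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed record layout (not from the advisory): one length byte, then that
 * many payload bytes. It mirrors the pattern the advisory describes: a byte
 * read straight from the file becomes the size argument of memmove. */

/* Vulnerable pattern: trusts the file's length byte for both source and
 * destination, so a large value reads past the record and writes past out. */
static void copy_record_unchecked(const uint8_t *rec, uint8_t *out)
{
    size_t n = rec[0];            /* attacker-controlled size, up to 255 */
    memmove(out, rec + 1, n);     /* no bound on either side of the copy */
}

/* Hardened: bound the claimed length by what is actually available on both
 * sides. Returns the number of bytes copied, or -1 if the record is malformed. */
static int copy_record_checked(const uint8_t *rec, size_t rec_len,
                               uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < 1)
        return -1;
    size_t n = rec[0];
    if (n > rec_len - 1)          /* claimed payload longer than the file data */
        return -1;
    if (n > out_cap)              /* claimed payload longer than our buffer */
        return -1;
    memmove(out, rec + 1, n);
    return (int)n;
}

int main(void)
{
    /* Constructed sample input: a well-formed record, and a record whose
     * length byte (0xFF) claims far more than the 4 payload bytes present. */
    const uint8_t good[] = { 0x03, 'a', 'b', 'c' };
    const uint8_t bad[]  = { 0xFF, 'a', 'b', 'c', 'd' };
    uint8_t buf[16];

    copy_record_unchecked(good, buf);   /* safe only because good is well-formed */
    int n = copy_record_checked(good, sizeof good, buf, sizeof buf);
    printf("good record: copied %d bytes\n", n);
    n = copy_record_checked(bad, sizeof bad, buf, sizeof buf);
    printf("bad record: %s\n", n < 0 ? "rejected" : "copied");
    return 0;
}
```

Either check alone is insufficient: the input-side check stops the over-read and the output-side check stops the over-write, and a parser needs both.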

Coverage


The following Snort rules will detect exploitation attempts of this vulnerability. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.

Snort rules: 43862-43863
