Product
Cập nhật gần đây nhất vào
26 thg 12, 2022
Security updates available for Adobe Photoshop CC
Release date: April 11, 2017
Vulnerability identifier: APSB17-12
Priority: 3
CVE number: CVE-2017-3004, CVE-2017-3005
Platform: Windows and Macintosh
Summary
Adobe has released updates for Photoshop CC for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability when parsing malicious PCX files that could lead to code
execution (CVE-2017-3004). These updates also resolve an unquoted search path vulnerability in
Photoshop on Windows (CVE-2017-3005).
Affected software versions
|
|
Affected version |
Platform |
|
Adobe Photoshop CC 2017 |
18.0.1 and earlier versions |
Windows and Macintosh |
|
Adobe Photoshop CC 2015.5 |
17.0.1 (2015.5.1) and earlier versions |
Windows and Macintosh |
Solution
Adobe recommends users update their software installations via each application's update mechanism by launching each application, navigating to the Help menu, and clicking "Updates." For more information, please reference this help page.
|
Product |
Updated version |
Platform |
Priority rating |
|
Adobe Photoshop CC 2017 |
18.1 |
Windows and Macintosh |
3 |
|
Adobe Photoshop CC 2015.5 |
17.0.2 (2015.5.2) |
Windows and Macintosh |
3 |
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information on the Creative Cloud Packager.
Vulnerability details
- These updates resolve a memory corruption vulnerability when parsing malicious PCX files that could lead to code execution (CVE-2017-3004).
- These updates resolve an unquoted search path vulnerability in Photoshop on Windows (CVE-2017-3005).
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Kushal Arvind Shah of Fortinet's FortiGuard Labs (CVE-2017-3004)
- Cyril Vallicari / HTTPCS – Ziwit (CVE-2017-3005)
