Threat Research

Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop

By Kushal Arvind Shah | March 23, 2020

FortiGuard Labs Vulnerability Update
 

Affected platforms:         Adobe Photoshop CC 2020 running on Windows 10 and Windows 7 OS
Impacted parties:           Users of Adobe Photoshop CC 2020 versions 21.1 and earlier
Impact:                           Multiple vulnerabilities enable the remote execution of arbitrary code

Severity level:                 High

This past January, I discovered and reported multiple critical zero-day vulnerabilities in Adobe Photoshop CC 2020. This past Tuesday (Mar 17, 2020), Adobe released several out-of-band security patches that addressed those vulnerabilities. They are identified as CVE-2020-3783, CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-3787, CVE-2020-3788 and CVE-2020-3789. All of these vulnerabilities have different root causes related to a multitude of Photoshop Plugins. Due to the critical rating of these vulnerabilities, we suggest users apply these latest Adobe patches­­­ as soon as possible. 

Following are additional details of these vulnerabilities:

CVE-2020-3783:

This is a Heap Corruption Vulnerability in the Adobe Photoshop ‘PCX’ plugin. Specifically, the vulnerability is caused by a malformed PCX file that causes an Out of Bounds Write memory access, due to improper bounds checking when manipulating a pointer to a heap allocated buffer. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application, via a crafted PCX file.

Fortinet had already released IPS signature Adobe.Photoshop.CVE-2020-3783.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2020-3784:

This is a Memory Corruption Vulnerability that occurs in the decoding of EXR files in Adobe Photoshop. Specifically, this vulnerability is caused by a malformed EXR file that causes an Out of Bounds memory access, due to an improper bounds check. This vulnerability exists in the ‘Standard_MultiPlugin’ plugin. 

Attackers can exploit this vulnerability by using the out of bounds access for unintended reads, writes or frees potentially leading to a code corruption, control-flow hijack, or information leak attack.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application, via a crafted EXR file.

Fortinet had already released IPS signature Adobe.Photoshop.CVE-2020-3784.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2020-3785:

This is a Memory Corruption Vulnerability in the decoding of U3D (Universal 3D) files in Adobe Photoshop. Specifically, this vulnerability is caused by a malformed U3D file that causes an Out of Bounds memory access, due to an improper bounds check. This vulnerability exists in the ‘U3D’ plugin. 

Attackers can exploit this vulnerability by using the out of bounds access for unintended reads, writes or frees potentially leading to a code corruption, control-flow hijack, or information leak attack.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application, via a crafted U3D file.

Fortinet had already released IPS signature Adobe.Photoshop.CVE-2020-3785.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2020-3786:

This is a Memory Corruption Vulnerability in the decoding of DCM (Dicom) files in Adobe Photoshop. Specifically, this vulnerability is caused by a malformed DCM file that causes an Out of Bounds Write memory access, due to an improper bounds check. This vulnerability exists in the ‘Dicom’ plugin. 

Attackers can exploit the vulnerability by using the out of bounds access for unintended writes or frees potentially leading to a code corruption, control-flow hijack, or information leak attack.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application, via a crafted DCM file.

Fortinet had already released IPS signature Adobe.Photoshop.CVE-2020-3786.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2020-3787:

This is a Memory Corruption Vulnerability in the decoding of PostScript (PS) files in Adobe Photoshop. Specifically, this vulnerability is caused by a malformed PS file, which causes an Out of Bounds Write memory access, due to an improper bounds check. This vulnerability exists in the ‘MPS’ plugin. 

Attackers can exploit the vulnerability by using the out of bounds access for unintended writes or frees potentially leading to a code corruption, control-flow hijack, or information leak attack.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application, via a crafted PS file.

Fortinet had already released IPS signature Adobe.Photoshop.CVE-2020-3787.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2020-3788:

This is a Memory Corruption Vulnerability in the decoding of EXR files in Adobe Photoshop. Specifically, this vulnerability is caused by a malformed EXR file, which causes an Out of Bounds memory access, due to an improper bounds check. This vulnerability exists in the ‘Standard_MultiPlugin’ plugin. 

Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes or frees potentially leading to a code corruption, control-flow hijack, or information leak attack.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application, via a crafted EXR file.

Fortinet had already released IPS signature Adobe.Photoshop.CVE-2020-3788.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2020-3789:

This is a Memory Corruption Vulnerability in the decoding of PDF files in Adobe Photoshop. Specifically, this vulnerability is caused by a malformed PDF file, which causes an Out of Bounds memory access, due to an improper bounds check. This vulnerability exists in the ‘AdobePDFL’ plugin. 

Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes or frees potentially leading to a code corruption, control-flow hijack, or information leak attack.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application, via a crafted PDF file.

Fortinet had already released IPS signature Adobe.Photoshop.CVE-2020-3789.Memory.Corruption for this specific vulnerability to proactively protect our customers.

Learn how FortiGuard Labs provides unmatched security and intelligence services using integrated AI systems.

Find out about the FortiGuard Security Services portfolio and sign up for our weekly FortiGuard Threat Brief.

Discover how the FortiGuard Security Rating Service provides security audits and best practices to guide customers in designing, implementing, and maintaining the security posture best suited for their organization.