CVE-2007-2244 - OpenCVE

Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Adobe	Golive Illustrator Photoshop

Configuration 1 [-]

OR	cpe:2.3:a:adobe:golive:9:::::::*
	cpe:2.3:a:adobe:illustrator:cs3:::::::*
	cpe:2.3:a:adobe:photoshop:9.0.2:::::::*

No data.

References

Link	Providers
http://osvdb.org/38064
http://osvdb.org/38065
http://osvdb.org/38066
http://secunia.com/advisories/25023
http://secunia.com/advisories/26846
http://secunia.com/advisories/26864
http://securitytracker.com/id?1018792
http://www.adobe.com/support/security/bulletins/apsb07-13.html
http://www.adobe.com/support/security/bulletins/apsb07-16.html
http://www.adobe.com/support/security/bulletins/apsb07-17.html
http://www.osvdb.org/35370
http://www.securityfocus.com/bid/23621
http://www.securitytracker.com/id?1017962
http://www.vupen.com/english/advisories/2007/1523
http://www.vupen.com/english/advisories/2007/3442
http://www.vupen.com/english/advisories/2007/3443
https://exchange.xforce.ibmcloud.com/vulnerabilities/33838
https://www.exploit-db.com/exploits/3793

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-25T16:00:00

Updated: 2024-08-07T13:33:27.455Z

Reserved: 2007-04-25T00:00:00

Link: CVE-2007-2244

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-04-25T16:19:00.000

Modified: 2017-10-11T01:32:09.863

Link: CVE-2007-2244

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-24T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "23621", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23621"}, {"name": "1018792", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018792"}, {"name": "35370", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/35370"}, {"name": "25023", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25023"}, {"name": "adobe-multiple-files-bo(33838)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33838"}, {"name": "ADV-2007-3442", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3442"}, {"name": "3793", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3793"}, {"name": "38065", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38065"}, {"name": "38064", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38064"}, {"name": "26864", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26864"}, {"name": "26846", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26846"}, {"name": "ADV-2007-1523", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1523"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb07-17.html"}, {"name": "38066", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38066"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb07-13.html"}, {"name": "ADV-2007-3443", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3443"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.adobe.com/support/security/bulletins/apsb07-16.html"}, {"name": "1017962", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017962"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2244", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "23621", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23621"}, {"name": "1018792", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018792"}, {"name": "35370", "refsource": "OSVDB", "url": "http://www.osvdb.org/35370"}, {"name": "25023", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25023"}, {"name": "adobe-multiple-files-bo(33838)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33838"}, {"name": "ADV-2007-3442", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3442"}, {"name": "3793", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3793"}, {"name": "38065", "refsource": "OSVDB", "url": "http://osvdb.org/38065"}, {"name": "38064", "refsource": "OSVDB", "url": "http://osvdb.org/38064"}, {"name": "26864", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26864"}, {"name": "26846", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26846"}, {"name": "ADV-2007-1523", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1523"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb07-17.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb07-17.html"}, {"name": "38066", "refsource": "OSVDB", "url": "http://osvdb.org/38066"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb07-13.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb07-13.html"}, {"name": "ADV-2007-3443", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3443"}, {"name": "http://www.adobe.com/support/security/bulletins/apsb07-16.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb07-16.html"}, {"name": "1017962", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017962"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:33:27.455Z"}, "title": "CVE Program Container", "references": [{"name": "23621", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23621"}, {"name": "1018792", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018792"}, {"name": "35370", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/35370"}, {"name": "25023", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25023"}, {"name": "adobe-multiple-files-bo(33838)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33838"}, {"name": "ADV-2007-3442", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3442"}, {"name": "3793", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/3793"}, {"name": "38065", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/38065"}, {"name": "38064", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/38064"}, {"name": "26864", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26864"}, {"name": "26846", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26846"}, {"name": "ADV-2007-1523", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1523"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb07-17.html"}, {"name": "38066", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/38066"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb07-13.html"}, {"name": "ADV-2007-3443", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3443"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.adobe.com/support/security/bulletins/apsb07-16.html"}, {"name": "1017962", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017962"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2244", "datePublished": "2007-04-25T16:00:00", "dateReserved": "2007-04-25T00:00:00", "dateUpdated": "2024-08-07T13:33:27.455Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:golive:9:*:*:*:*:*:*:*", "matchCriteriaId": "82CE10E2-ACEA-4D7C-A3FC-056D0BA56ED5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:illustrator:cs3:*:*:*:*:*:*:*", "matchCriteriaId": "F2544447-313B-42DD-831B-E1AED3B6086F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:photoshop:9.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7F1D2452-C141-4A9E-ACA9-61A44FB63302", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en Adobe Photoshop versiones CS2 y CS3, Illustrator versi\u00f3n CS3 y GoLive versi\u00f3n 9, permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario por medio de un archivo (1) BMP, (2) DIB o (3) RLE especialmente dise\u00f1ados."}], "id": "CVE-2007-2244", "lastModified": "2017-10-11T01:32:09.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-04-25T16:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/38064"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/38065"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/38066"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25023"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26846"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26864"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018792"}, {"source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb07-13.html"}, {"source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb07-16.html"}, {"source": "cve@mitre.org", "url": "http://www.adobe.com/support/security/bulletins/apsb07-17.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/35370"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23621"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017962"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/1523"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3442"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3443"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33838"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3793"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}