Title: Adobe Photoshop Elements 8.0 Multiple Arbitrary Code Execution Vulnerabilities

Vendor: Adobe Systems Inc. (http://www.adobe.com)
Product web page: http://www.adobe.com/products/photoshop-elements.html
Affected version: 8.0 and 7.0 (20080916r.508356)

Summary: Adobe Photoshop Elements 8.0 suffers from a buffer overflow vulnerability when dealing with .ABR (brushes) and .GRD (gradients) format files. The application fails to sanitize user input, resulting in memory corruption that overwrites several memory registers, which can allow an attacker to execute arbitrary code on the affected system or cause a denial of service.

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5049.php
- http://www.exploit-db.com/exploits/17918/
- http://www.adobe.com/support/security/advisories/apsa11-03.html

Proof Of Concept: http://www.zeroscience.mk/codes/brush_gradiently.rar (11071 bytes)