1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Corel Paint Shop PNG BO

HTTP Corel Paint Shop PNG BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a buffer overflow vulnerability in the Corel Paint Shop.

Additional Information

Adobe Photoshop and Corel Paint Shop are photo and image editiors that support many image formats.

These applications are prone to a remote buffer-overflow vulnerability when handling specially crafted '.png' files.

This issue occurs because the software fails to properly bounds-check user-supplied input prior to copying it to an insufficiently sized memory buffer.

Few technical details are currently available. We will update this BID as more information emerges.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of a vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

The following are vulnerable:

Adobe Photoshop CS2, CS3, and Elements 5.0
Corel Paint Shop Pro 11.20

Other versions may also be affected.

Affected

  • Adobe GoLive 9.0
  • Adobe Illustrator CS3
  • Adobe Photoshop CS2
  • Adobe Photoshop Elements 5.0
  • Corel Paint Shop Pro Photo 11.20

Response

Updates are available to address this issue. Please see the referenced advisories for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube