CVE-2012-2027
Published 2012-05-09
Priority P258 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 13.44% (96.0th percentile)
Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop | — | — |
| adobe | photoshop_cs4 | — | — |
| adobe | photoshop_cs5.5 | <= 12.0 | — |
Detection & IOCs (extracted from sources)
- Monitor Adobe Photoshop CS5 (versions 12.x before 12.0.5 and 12.1.x before 12.1.1) opening crafted TIFF (.tif/.tiff) files, which trigger a use-after-free during TIFF parsing and may lead to arbitrary code execution.
- Flag delivery of .tif/.tiff files to users running vulnerable Adobe Photoshop versions (CS5 12.x < 12.0.5, CS5.1 12.1.x < 12.1.1) via email, web, or file shares as a potential exploitation vector.
- Exploit targets Windows platform specifically; Linux (via Wine) and macOS exposure may differ.
No detection rules found.
No writeups or analysis indexed.