Check Point Advisories

Adobe Photoshop CS5 Insecure Library Loading Code Execution (APSB10-30; CVE-2010-3127)

Vulnerability
Protection

Check Point Reference:	CPAI-2010-352
Date Published:	29 Dec 2010
Severity:	Critical
Last Updated:	Wednesday 29 December, 2010
Source:
Industry Reference:	CVE-2010-3127
Protection Provided by:	Security Gateway R81, R80, R77, R75, R71, R70
Who is Vulnerable?
Vulnerability Description	Adobe Photoshop CS5 is a graphics editing program that features a 3D engine. A library-loading vulnerability has been identified in Adobe Photoshop CS5. This vulnerability is due to the application insecurely loading certain librairies from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a file from a network share. A specially crafted file placed in an alternate location could cause Windows to execute the code it contains. Successful exploitation of this vulnerability could allow the attacker to take complete control of an affected system.

Protection Overview

This protection will detect and block the transferring of suspicious DLL files over CIFS.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70

In the IPS tab, click Protections and find the Adobe Photoshop CS5 Insecure Library Loading Code Execution (APSB10-30) protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Adobe Products Violation.
Attack Information: Adobe Photoshop CS5 insecure library loading code execution (APSB10-30)