Adobe Security Bulletin

Security update available for Adobe Bridge CC

Release date: June 16, 2015

Vulnerability identifier: APSB15-13

Priority: See table below

CVE number: CVE-2015-3110, CVE-2015-3111, CVE-2015-3112

Platform: Windows and Macintosh

Summary

Adobe has released an update for Adobe Bridge CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.

Affected software versions

Adobe Bridge CC (6.1) and earlier versions for Windows and Macintosh.

Solution

Adobe recommends users update their software installation via the application's update mechanism by launching the application, navigating to the Help menu and clicking "Updates".  For more information, please reference the following help page.

Priority and severity ratings

Adobe categorizes these updates with the following priority rating and recommends users update their installation to the newest version:

Product Updated version Platform Priority rating
Adobe Bridge CC 6.1.1 Windows and Macintosh 3

These updates address a critical vulnerability in the software.

Details

Adobe has released an update for Bridge CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe recommends users update their product installations to the latest version.

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-3110).

These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2015-3112).

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2015-3111).

Acknowledgments

Adobe would like to thank Francis Provencher of Protek Research Labs (CVE-2015-3110, CVE-2015-3111, CVE-2015-3112) for reporting these issues and for working with Adobe to help protect our customers.