CVE-2012-2027

Adobe Photoshop CS5 < 12.0.5 and CS5.1 < 12.1.1 - Use-After-Free via Crafted TIFF File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2027. PoCs published by Francis Provencher.

AI-analyzed exploit summary The document describes a use-after-free vulnerability in Adobe Photoshop 12.1 when processing TIFF files. It includes a timeline and technical details but lacks actual exploit code, only referencing external TIFF files as PoC.

Description

Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Francis Provencher · textdoswindows
https://www.exploit-db.com/exploits/18633

The document describes a use-after-free vulnerability in Adobe Photoshop 12.1 when processing TIFF files. It includes a timeline and technical details but lacks actual exploit code, only referencing external TIFF files as PoC.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Adobe Photoshop 12.1
No auth needed
Prerequisites: User interaction to open a malicious TIFF file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb12-11.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52634

Scores

EPSS 0.1344
EPSS Percentile 95.9%

Details

CWE
CWE-399
Status published
Products (26)
adobe/photoshop
adobe/photoshop 2.5
adobe/photoshop 3.0
adobe/photoshop 4.0
adobe/photoshop 5.0
adobe/photoshop 6.0 (2 CPE variants)
adobe/photoshop 6.0.1
adobe/photoshop 7.0
adobe/photoshop 7.0.1
adobe/photoshop 8.0
... and 16 more
Published May 09, 2012
Tracked Since Feb 18, 2026