CVE-2012-4170

Adobe Photoshop CS6 13.x - Remote Code Execution via Crafted File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4170. PoCs published by Francis Provencher.

AI-analyzed exploit summary This is a vulnerability writeup for CVE-2012-4170, detailing a heap-based buffer overflow in Adobe Photoshop CS6's PNG parsing module. The exploit requires user interaction to open a malicious PNG file.

Description

Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Francis Provencher · textdoswindows

https://www.exploit-db.com/exploits/20971

View Code ZIP pw:eip

This is a vulnerability writeup for CVE-2012-4170, detailing a heap-based buffer overflow in Adobe Photoshop CS6's PNG parsing module. The exploit requires user interaction to open a malicious PNG file.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Adobe Photoshop CS6 (13.x)

No auth needed

Prerequisites: User interaction to open a malicious PNG file

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/55333

Vendor Advisory x_refsource_confirm

http://www.adobe.com/support/security/bulletins/apsb12-20.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1027477

Scores

EPSS 0.1136

EPSS Percentile 95.4%

Details

CWE

CWE-119

Status published

Products (1)

adobe/photoshop_cs6 13.0

Published Aug 31, 2012

Tracked Since Feb 18, 2026