CVE-2022-24098
📋 TL;DR
Adobe Photoshop has an improper input validation vulnerability when parsing PCX files that could allow arbitrary code execution. Attackers can craft malicious PCX files that, when opened by a victim, execute code in the context of the current user. This affects Photoshop versions 22.5.6 and earlier, and 23.2.2 and earlier.
💻 Affected Systems
- Adobe Photoshop
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the victim's computer, data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation leading to data exfiltration, malware installation, or persistence mechanisms being established on the compromised system.
If Mitigated
Limited impact if user runs with minimal privileges, has application sandboxing, or security software blocks malicious file execution.
🎯 Exploit Status
Exploitation requires the user to open a specially crafted PCX file. No public exploit code was available at the time of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Photoshop 22.5.7 and 23.3
Vendor Advisory: https://helpx.adobe.com/security/products/photoshop/apsb22-20.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application.
2. Navigate to 'Apps' tab.
3. Find Photoshop in your installed apps.
4. Click 'Update' button.
5. Restart Photoshop after update completes.
🔧 Temporary Workarounds
Block PCX file extensions
Windows: Prevent opening of PCX files via group policy or endpoint protection
Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: *.pcx = Disallowed
User awareness training
All platforms: Educate users not to open PCX files from untrusted sources
🧯 If You Can't Patch
- Run Photoshop with minimal user privileges to limit impact of successful exploitation
- Implement application whitelisting to prevent execution of unauthorized code
🔍 How to Verify
Check if Vulnerable:
Check the Photoshop version via Help > About Photoshop. If the version is 22.5.6 or earlier, or 23.2.2 or earlier, the system is vulnerable.
Check Version:
Photoshop: Help > About Photoshop (GUI only, no CLI command)
Verify Fix Applied:
Verify Photoshop version is 22.5.7 or higher for version 22.x, or 23.3 or higher for version 23.x.
📡 Detection & Monitoring
Log Indicators:
- Application crashes when opening PCX files
- Unexpected process spawning from Photoshop.exe
- File system writes from Photoshop process
Network Indicators:
- Outbound connections from Photoshop process to unexpected destinations
- DNS requests for command and control domains
SIEM Query:
Process Creation: Parent Process contains 'photoshop.exe' AND (Command Line contains 'cmd.exe' OR Command Line contains 'powershell.exe')
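The SIEM query above, written out as detection logic over process-creation events (an added example, not from the original page or from Adobe). It assumes Sysmon Event ID 1 field names (`ParentImage`, `Image`, `CommandLine`) exported as JSON lines; the sample events and their paths are constructed.

```python
import json
import ntpath  # parses Windows paths on any OS

PARENT = "photoshop.exe"
SHELLS = ("cmd.exe", "powershell.exe")  # shells named in the page's query

# Constructed sample events, not real telemetry. Field names follow Sysmon
# Event ID 1; the JSON-lines export and all paths are assumptions.
SAMPLE_EVENTS = r'''
{"ParentImage":"C:\\Program Files\\Adobe\\Adobe Photoshop 2022\\Photoshop.exe","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd /c dir"}
{"ParentImage":"C:\\Program Files\\Adobe\\Adobe Photoshop 2022\\Photoshop.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"PowerShell.EXE -NoProfile"}
{"ParentImage":"C:\\Program Files\\Adobe\\Adobe Photoshop 2022\\Photoshop.exe","Image":"C:\\Example\\helper.exe","CommandLine":"helper.exe --render"}
{"ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe"}
{"ParentImage":"C:\\Prog
'''


def suspicious_children(lines):
    """Return events where Photoshop spawned cmd.exe or powershell.exe."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line: skip, do not abort the run
        if not isinstance(ev, dict):
            continue
        # Basename equality is stricter than the query's "contains" and
        # avoids matching directories that merely include the name.
        if ntpath.basename(ev.get("ParentImage", "")).lower() != PARENT:
            continue
        child = ntpath.basename(ev.get("Image", "")).lower()
        cmdline = ev.get("CommandLine", "").lower()
        # Check Image too: a command line can read "cmd /c ..." with no ".exe".
        if child in SHELLS or any(s in cmdline for s in SHELLS):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in suspicious_children(SAMPLE_EVENTS.splitlines()):
        print(ev["ParentImage"], "->", ev["Image"], "|", ev["CommandLine"])
```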