Photoshop: Retina software scan claims registry issue with Photoshop 12.1

  • 1
  • Problem
  • Updated 7 years ago
  • (Edited)
CS5.5 Design Premium, Photoshop portion of the install.

With Prior versions of CS, (i.e. 5.0) the version of Photoshop installed was 12.0.x. With CS5.5 the version is 12.1. During the install Adobe creates a Registry key under HKLC\Software\Adobe\Photoshop area called 12.0; It should be 12.1. I work for the DoN and we are required to scan all our computers for vulnerabilities, using a program called Retina (http://www.eeye.com/products/retina). It is keying on the the folder 12.0 and saying there is a High vulnerability associated with Photoshop. If the registry key was created and named properly, this would not show as a finding. Can you please put a patch that will corred the registry key to 12.1 so we can clear this finding.
Photo of Chris T

Chris T

  • 3 Posts
  • 0 Reply Likes

Posted 7 years ago

  • 1
Photo of Chris Cox

Chris Cox

  • 20280 Posts
  • 818 Reply Likes
No vulnerability, but yes someone forgot to update the version on some of the registry keys. Photoshop 12.1 and 12.0.4 are the same code, and can share those keys.

No, there will be no patch for this because it's not a bug or a problem - just a minor registry issue.

You should contact the makers of your registry scanner and inform them that they are overreacting and should whitelist that issue. We'll also try to inform them of the problem with their scanner - but since we do not use this software, we don't have all the specific details that you have, and they may need.
Photo of Chris Cox

Chris Cox

  • 20280 Posts
  • 818 Reply Likes
I tried to leave a message on the eEYE forums, but they won't let me post.

I heard back from the voicemail I left them, and we're going to try and get them the right versions and bits to limit their version scanning correctly.
Photo of Chris T

Chris T

  • 3 Posts
  • 0 Reply Likes
To Chris Cox,

Thanks for the info on this, and your contact with Adobe. If possible, I need to get one thing cleared up from Adobe about the Photoshop that comes with CS5.5. The vulnerability I was referring to, is the Adobe Photoshop DLL Preloading Vulnerability (Zero-Day). In your post, you said that Photoshop 12.1 x32 is not vulnerable, but I never made it clear what the vulnerability was. I appreciate you getting with Adobe to get them the correct version info about Photoshop. Below is a link to the vulnerability information from Microsoft that Retina is basing their information on, about this .dll vulnerability. If you could verify with your engineers that this has been taken care of, I would appreciate it so we too can contact Retina about this. We have a case open with them about it now, but they are still saying your product is vulnerable.

http://technet.microsoft.com/en-us/se...

http://msdn.microsoft.com/en-us/libra...

Inside the Retina product, this is what they say about the vulnerability: Adobe Photoshop contains a vulnerability when loading DLLs, causing susceptibility to DLL preloading attacks. Files that are opened with Photoshop from attacker controlled locations (e.g. a WebDAV server) could allow the attacker to execute arbitrary code at the logged-in user's privilege level.

Currently no patch is available from the vendor. It may be possible to limit exploitation by restricting access to known attack vectors (e.g. WebDAV client). Although restricting access will assist in deterring potential exploitation, avoid opening files from untrusted network locations, local directories, archive folders, and any location that could potentially be compromised with malicious DLL files. See Microsoft Security Advisory 2269637, referenced below, for a potential workaround. Please note that applying the workaround in Microsoft Security Advisory 2269637 may stop existing applications from functioning correctly.

If you can provide us with proof that you have fixed the vulnerability, that would be great. We can then report back to the Navy that we are not vulnerable on this and with Retina that they indeed need to fix their scan engine.

Thanks for your help in advance,

Chris
Photo of Chris Cox

Chris Cox

  • 20280 Posts
  • 818 Reply Likes
Wow your post is a mess of confusion.

There was no "zero day" involved here, ever. I suspect you are misusing the term.

No, I didn't say Photoshop wasn't vulnerable to a specific vulnerability, I only responded to your question about the retina scan registry key confusion. Their software was claiming a vulnerability due to mis-reading version numbers and registry keys. There was no real vulnerability being reported, just a mistake in the retina scan software.

Photoshop already fixed the DLL loading vulnerability. Photoshop version 12.0.1 and later don't have that vulnerability. I really don't know where you got "no patch is available". Also, Retina based their listing on the Adobe vulnerability report which says it's been fixed. ( http://www.adobe.com/support/security... )

Your original question isn't about a Photoshop vulnerability, but a bug in the Retina scan software that gets confused about version numbers and registry entries. We're trying to work with eEye to get them more information so they can fix their scanning software.
Photo of Chris T

Chris T

  • 3 Posts
  • 0 Reply Likes
First of all, thank you very much for the information about Photoshop fixing the product. Good to know that the product is not vulnerable. The term Zero Day was something that Retina, and possible Microsoft came up with related to some of the DLL files that Microsoft uses and puts out for use with people that write programs for Windows. I appologize for the mess of confusion the post cause, but unfortunately I did not create the mess, just asked a question about it. LOL

Like I mentioned, we too have a ticket open with Retina, so hopefull between Adobe and us, we can get it straightened up.

Again thanks for the info. Your the greatest!!!

Chris T.