Photoshop invaded by critical flaw

Exploit code on the loose

Post a comment
Print

By Dawn Kawamoto, 27 April 2007 10:54

NEWS

Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported.

The security flaw affects Adobe Photoshop Creative Suite 3, as well as CS2, according to a security advisory issued by Secunia on Wednesday.

The vulnerability concerns the way Adobe Photoshop handles the processing of malicious bitmap files, such as .bmp, .dib and .rle. A malicious attacker could exploit the flaw to launch a buffer overflow attack. That buffer overflow would then allow the intruder to take over a user's system.

Although a security researcher has published code to demonstrate how to exploit the vulnerability, Secunia has yet to detect any malicious use of the code, said Thomas Kristensen, Secunia's chief technology officer.

Kristensen said: "There are no active exploits out there yet but any attacks will be limited. Photoshop is primarily used by advertising agencies and image editors and not a lot of private individuals."

Until Adobe Systems develops a fix, Secunia advises users to forgo opening bitmap files where the source of the file is not clear or verifiable.

Dawn Kawamoto writes for CNET News.com

Post a comment
Print

Post your comment

In order to post a comment you need to be registered and logged in.

Latest Security stories

Featured white papers

Vulnerability Management Buyer's Checklist

Qualys

Key Questions to Ask Before You Select a VM Solution Choosing a solution for Vulnerability Management (VM) is a critical step toward protecting your organisation's network and data. Without proven, automated technology for precise detection and remediation, no network can withstand the daily onslaught of new vulnerabilities that threaten security. To help finalise your decision on which solution to buy, Qualys provides this 12-point short list of considerations that will help you determine what will work best for your organisation.

Download now »
Creating a Dynamic Infrastructure through Virtualization

IBM

In almost every case,the transformation to a dynamic infrastructure will involve virtualization.Many IT professionals think of virtualization specifically in terms of servers.IBM,however,has a broader perspective,in which virtualization is seen as a generalapproach to decouple logical resources from physical elements,so that thoseresources can be allocated faster,more cost-effectively and more dynamically,wherever the business requires them in real time to ideally meet changingdemand levels or business requirements.

Download now »
How IP geolocation can improve your website experience and marketing activity

Quova

With geolocation technology, you can know a web user's real world whereabouts. This report examines the benefits from the fictional retailer's point of view. Things-4-You- a thriving online business, which had a poor record in converting online visitors into buying customers. Things-4-You demonstrates the potential of IP geolocation online. retailers.

Download now »