You are here: silicon.com > Software > Security Strategy

Security Strategy

Photoshop invaded by critical flaw

Exploit code on the loose

Tags: adobe, secunia, exploit, flaw

By Dawn Kawamoto

Published: 27 April 2007 10:54 BST

Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported.

The security flaw affects Adobe Photoshop Creative Suite 3, as well as CS2, according to a security advisory issued by Secunia on Wednesday.

The vulnerability concerns the way Adobe Photoshop handles the processing of malicious bitmap files, such as .bmp, .dib and .rle. A malicious attacker could exploit the flaw to launch a buffer overflow attack. That buffer overflow would then allow the intruder to take over a user's system.

Although a security researcher has published code to demonstrate how to exploit the vulnerability, Secunia has yet to detect any malicious use of the code, said Thomas Kristensen, Secunia's chief technology officer.

Kristensen said: "There are no active exploits out there yet but any attacks will be limited. Photoshop is primarily used by advertising agencies and image editors and not a lot of private individuals."

Until Adobe Systems develops a fix, Secunia advises users to forgo opening bitmap files where the source of the file is not clear or verifiable.

Dawn Kawamoto writes for CNET News.com

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

  • Jobs
Web Applications Developer

NET (VB Script/ C#), JavaScript, XHTML, CSS, XML etc) are required as well as proficiency in the Adobe Studio CS3 Suite, Visual Studio and MS Office. ...

Artist Required ! Nottingham Gaming Company up to 45K !

They are currently seeking an Artist join their existing team.Technically you will need the following skills: * Experience as an Artist * Experience ...

Ist Line Support - Tyne and Wear - 6 Contract

Any exposure to Adobe Illustrator or PhotoShop would put you at an advantage. My Client based in Tyne and Wear is seeking a competent 1st/2nd Line ...

CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.





Quick Sitemap Links: