
Exploit code on the loose
Published: 27 April 2007 10:54 BST
Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported.
The security flaw affects Adobe Photoshop Creative Suite 3, as well as CS2, according to a security advisory issued by Secunia on Wednesday.
The vulnerability concerns the way Adobe Photoshop handles the processing of malicious bitmap files, such as .bmp, .dib and .rle. A malicious attacker could exploit the flaw to launch a buffer overflow attack. That buffer overflow would then allow the intruder to take over a user's system.
Although a security researcher has published code to demonstrate how to exploit the vulnerability, Secunia has yet to detect any malicious use of the code, said Thomas Kristensen, Secunia's chief technology officer.
Kristensen said: "There are no active exploits out there yet but any attacks will be limited. Photoshop is primarily used by advertising agencies and image editors and not a lot of private individuals."
Until Adobe Systems develops a fix, Secunia advises users to forgo opening bitmap files where the source of the file is not clear or verifiable.
Dawn Kawamoto writes for CNET News.com
Ideal profile: XHTML, Dreamweaver, Adobe Photoshop, content management, web analytics, seoVibrant and progressive design agency is seeking to expand ...
Initially, the requirement is for a candidate with the following skills: Microsoft Classic ASP and IIS MySQL Database HTML, CSS and JavaScript ...
Based in East London they are looking for a Senior Designer to join their team.As the successful Senior Designer you are required to have: Design ...
Agenda Setters 2008
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Naked CIO Naked CIO: Should you monitor staff? Somebody's watching you
Elinor Mills Why 1970s hackers had 'whiz kid' status Q&A: Kevin Mitnick - blackhat hacker turned good guy