You are here: silicon.com > Software > Security Strategy

Photoshop invaded by critical flaw

Exploit code on the loose

Tags: adobe, secunia, exploit, flaw

By Dawn Kawamoto

Published: 27 April 2007 10:54 GMT

Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported.

The security flaw affects Adobe Photoshop Creative Suite 3, as well as CS2, according to a security advisory issued by Secunia on Wednesday.

The vulnerability concerns the way Adobe Photoshop handles the processing of malicious bitmap files, such as .bmp, .dib and .rle. A malicious attacker could exploit the flaw to launch a buffer overflow attack. That buffer overflow would then allow the intruder to take over a user's system.

Although a security researcher has published code to demonstrate how to exploit the vulnerability, Secunia has yet to detect any malicious use of the code, said Thomas Kristensen, Secunia's chief technology officer.

Kristensen said: "There are no active exploits out there yet but any attacks will be limited. Photoshop is primarily used by advertising agencies and image editors and not a lot of private individuals."

Until Adobe Systems develops a fix, Secunia advises users to forgo opening bitmap files where the source of the file is not clear or verifiable.

Dawn Kawamoto writes for CNET News.com

Add comment

Print story with

Email story

Microsoft plotting to steal Adobe's thunder

Apple issues OS X mega-patch

Adobe to standardise PDF?

Adobe fixes risky PDF holes

Alert over Adobe Acrobat flaw

Adobe PDF flaw 'more serious than first thought'

In silicon.com

Commentary

Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead

Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy

Latest News

Bletchley Park's World War Two codebreakers in their own words

'You're responsible for your own wi-fi security' say ISPs

'UK must up privacy safeguards following Phorm'

The top 10 technologies you need to plan for next year

Windows 7: Who's adopting it, when and why?

Jobs

Senior Web Designer; CSS XHTML SEO Adobe Flash Photoshop Illustrator

JQuery • Search Engine Optimisation (SEO) In addition you will have solid experience of the Adobe Creative Suite (CS3) to include the ...

Technical Author - South East / Greater London

Proficiency in graphics applications (eg Adobe Illustrator, Corel Designer, CorelDraw, Adobe Photoshop). Please send your CV ASAP We are an ...

Digital Project Manager

Typical Build environments; PHP, .NET, ASP.NET, HTML, CSS, DHTML, JavaScript, Flash, ActionScript, JQuery, Adobe Photoshop, Illustrator, MySQL, ...

Special Report Focus

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.