You are here: silicon.com > Software > Security Strategy

Security Strategy

Photoshop invaded by critical flaw

Exploit code on the loose

Tags: adobe, secunia, exploit, flaw

Printer Friendly Email Story RSS

By Dawn Kawamoto

Published: 27 April 2007 10:54 GMT

Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported.

The security flaw affects Adobe Photoshop Creative Suite 3, as well as CS2, according to a security advisory issued by Secunia on Wednesday.

The vulnerability concerns the way Adobe Photoshop handles the processing of malicious bitmap files, such as .bmp, .dib and .rle. A malicious attacker could exploit the flaw to launch a buffer overflow attack. That buffer overflow would then allow the intruder to take over a user's system.

Although a security researcher has published code to demonstrate how to exploit the vulnerability, Secunia has yet to detect any malicious use of the code, said Thomas Kristensen, Secunia's chief technology officer.

Kristensen said: "There are no active exploits out there yet but any attacks will be limited. Photoshop is primarily used by advertising agencies and image editors and not a lot of private individuals."

Until Adobe Systems develops a fix, Secunia advises users to forgo opening bitmap files where the source of the file is not clear or verifiable.

Dawn Kawamoto writes for CNET News.com

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Microsoft plotting to steal Adobe's thunder

Apple issues OS X mega-patch

Adobe to standardise PDF?

Adobe fixes risky PDF holes

Alert over Adobe Acrobat flaw

Adobe PDF flaw 'more serious than first thought'

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Tim Ferguson Exclusive: Former MySQL boss Marten Mickos talks open source Why Microsoft could become one of the "biggest friends of open source" and why Oracle getting its hands on MySQL could be "one of the biggest open source coups ever"...

Naked CIO Naked CIO: Cloud computing more expensive than we thought? Smart IT leaders will examine the impact of how they pay for tech

UK ID cards rollout hit by delay as launch date revealed

Bletchley Park's World War Two codebreakers in their own words

'You're responsible for your own wi-fi security' say ISPs

'UK must up privacy safeguards following Phorm'

The top 10 technologies you need to plan for next year


  • Jobs
Senior Web Designer; CSS XHTML SEO Adobe Flash Photoshop Illustrator

JQuery • Search Engine Optimisation (SEO) In addition you will have solid experience of the Adobe Creative Suite (CS3) to include the ...

Digital Project Manager

Typical Build environments; PHP, .NET, ASP.NET, HTML, CSS, DHTML, JavaScript, Flash, ActionScript, JQuery, Adobe Photoshop, Illustrator, MySQL, ...

Digital Creative Director, Head of Creative

Typical Build environments; PHP, .NET, ASP.NET, HTML, CSS, DHTML, JavaScript, Flash, ActionScript, JQuery, Adobe Photoshop, Illustrator, MySQL, ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

CEO Dashboard Management: Why Creating Visual Reports You Can't Hide From Will Help...

Virtual Private Servers (VPS)

Looking for a fast payback? 10 Minutes with Free Tool Can Save Thousands

The Truth About Wasteful Spending on Software: How to Stop Giving Your Software Vendors...

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


Pay for IT chiefs weathers the storm

Illegal downloaders crackdown: Digital Economy Bill to cut them off

Salesforce.com makes more friends in the cloud

Google sheds light on netbook plans for Chrome OS

How to squeeze the last drops of savings from an outsourcing contract

Salesforce.com plans social networking for business




Quick Sitemap Links: