You are here: silicon.com > Software > Security Strategy

Photoshop invaded by critical flaw

Exploit code on the loose

Tags: adobe, secunia, exploit, flaw

By Dawn Kawamoto

Published: 27 April 2007 10:54 BST

Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported.

The security flaw affects Adobe Photoshop Creative Suite 3, as well as CS2, according to a security advisory issued by Secunia on Wednesday.

The vulnerability concerns the way Adobe Photoshop handles the processing of malicious bitmap files, such as .bmp, .dib and .rle. A malicious attacker could exploit the flaw to launch a buffer overflow attack. That buffer overflow would then allow the intruder to take over a user's system.

Although a security researcher has published code to demonstrate how to exploit the vulnerability, Secunia has yet to detect any malicious use of the code, said Thomas Kristensen, Secunia's chief technology officer.

Kristensen said: "There are no active exploits out there yet but any attacks will be limited. Photoshop is primarily used by advertising agencies and image editors and not a lot of private individuals."

Until Adobe Systems develops a fix, Secunia advises users to forgo opening bitmap files where the source of the file is not clear or verifiable.

Dawn Kawamoto writes for CNET News.com

Add comment

Print story with

Email story

Microsoft plotting to steal Adobe's thunder

Apple issues OS X mega-patch

Adobe to standardise PDF?

Adobe fixes risky PDF holes

Alert over Adobe Acrobat flaw

Adobe PDF flaw 'more serious than first thought'

In silicon.com

Commentary

Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…

Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...

Latest News

Has Barclays stamped out fraud with PINsentry?

Courts to save millions with streamlined tech

Soham report IT systems still not in place

RIM warns on BlackBerry PDF flaw

Privacy chief fights UK-wide database

Coming soon - malware threats to iPhone 2.0?

Jobs

Web Applications Developer

NET (VB Script/ C#), JavaScript, XHTML, CSS, XML etc) are required as well as proficiency in the Adobe Studio CS3 Suite, Visual Studio and MS Office. ...

Artist Required ! Nottingham Gaming Company up to 45K !

They are currently seeking an Artist join their existing team.Technically you will need the following skills: * Experience as an Artist * Experience ...

Ist Line Support - Tyne and Wear - 6 Contract

Any exposure to Adobe Illustrator or PhotoShop would put you at an advantage. My Client based in Tyne and Wear is seeking a competent 1st/2nd Line ...

Special Report Focus

CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.