PDA

View Full Version : Photoshop CS2, CS3 security exploit

Doug Nelson
04-27-2007, 04:15 PM
"A vulnerability has been identified in Adobe Photoshop, which could be exploited by attackers to cause a denial of service or execute arbitrary code. This issue is caused by buffer overflow errors when handling a malformed "BMP", "DIB" or "RLE" file, which could be exploited by attackers to take complete control of an affected system by tricking a user into opening a specially crafted file using a vulnerable application.

Affected Products

Adobe Photoshop CS3
Adobe Photoshop CS2"
http://www.frsirt.com/english/advisories/2007/1523
Photocrafter
04-29-2007, 06:18 AM
Thanks for the info Doug... Very much appreciated..

Regards, Robert
Doug Nelson
05-03-2007, 03:35 AM
Yet another one, this one for PNG files. Affects Elements as well:
http://secunia.com/advisories/25044/
Janet Petty
05-03-2007, 07:08 AM
Thank you Doug for these posts. It is, however, sad to think that sick people can and will target programs, systems, etc. and corrupt others computers. I'm sorry to think that now Adobe products have been targeted now as well.

Janet
lkroll
05-06-2007, 08:53 PM
Now Photoshop has a security issue with the built in PNG filter as well. I hope Adobe plug these holes soon. :ogre:

http://news.zdnet.com/2100-1009_22-6180180.html?tag=nl.e540
Gary Richardson
05-07-2007, 03:20 AM
Thank you Doug for these posts. It is, however, sad to think that sick people can and will target programs, systems, etc. and corrupt others computers. I'm sorry to think that now Adobe products have been targeted now as well.

Janet


Unfortunately just about any programme can be used as a conduit to infect your computer.

The slime balls that spread this stuff have a very good reason for wishing to do so (money), so it's likely we'll be seeing more and more of this kind of exploit.

Which is of course why it's important to keep all your programmes updated, so that you're patched as much as possible against vulnerabilities.
Swampy
05-07-2007, 08:10 AM
"That run on Windows"...

I don't intend to start a flame, but you know, I really feel sorry for you guys. It's constantly something. In this case it's innocuous PNG and BMP filters. One can hardly blame Adobe because it's almost unbelieveable that hackers would even look to exploit such files. I guess nothing is safe in the MS world.