Users of Adobe’s popular Photoshop software are being warned to click clear of Bitmap and PNG files if they come from an ‘untrusted’ source.
The dual vulnerabilities in the software could be exploited by a malicious person to compromise a user’s computer, according to security experts at Secunia.
Both holes are yet to be patched by Adobe, and have each received “highly critical” ratings, one of the firm’s most severe warnings.
The first vulnerability is caused by an error within the BMP.8BI Photoshop Format Plugin when users handle Bitmap files – for example, .BMP, .DIB and .RLE.
An online advisory reveals the security hole is confirmed in Adobe Photoshop CS2 and reportedly affects Adobe Photoshop CS3.
Other versions could also be affected, Secunia said. The error can cause a stack-based buffer overflow that would allow a remote attacker to control a victim’s computer.
The second vulnerability is caused by an error within the PNG.8BI Photoshop Format Plug-in when handling PNG files.
Like the security hole in Bitmap files, successful exploitation of the vulnerability allows a remote attacker to run malicious code on the user’s computer.
Products affected include Adobe Photoshop CS2 and Adobe Photoshop Elements (Editor) version 5.0 for Windows, Secunia said in its online alert.
The Denmark-based firm said the solution to both vulnerabilities, which were discovered by security researcher Marsu, is to avoid opening any unexpected PNG and Bitmap files.
May 3, 2007








