Photoshop Flaw Opens Door for Exploits

By Greg McNevin

May 1, 2007: It seems that no software is safe from the talons of malicious coders these days, with Adobe’s Photoshop becoming the latest program sporting a “highly critical” flaw.

According to a new report from security firm Secunia, the vulnerability has been discovered in the Windows version of Adobe Photoshop Creative Suite CS2, CS3 and Elements 5.0.

Last week it was BMP’s causing problems, this week it’s PNG’s. According to Adobe’s Photoshop Product Manager John Nack, the flaw last week focussed on “a malformed bitmap file (.BMP, .DIB, .RLE) [that] could cause a buffer overflow in the application.”

This new flaw exploits focuses on a boundary error in the PNG.8BI Photoshop format plug-in and enables an attacker to launch a buffer overflow using a malicious PNG file, compromising a system.

The flaw is the second found in Adobe’s suite in as many weeks, highlighting that a system can be made vulnerable by any number of high-profile applications.

“Unfortunately I don't have more useful info to add at the moment, in the meantime, I'd suggest steering clear of files in these formats created by unknown/untrusted parties,” wrote Nack on his company blog.

Adobe is yet to release a patch for the vulnerabilities.

Comment on this story