Exploit code released for Adobe Photoshop flaw

Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported. The security flaw affects Adobe Photoshop Creative Suite 3, as well as CS2, according to a security advisory issued by Secunia on Wednesday. The vulnerability concerns the way […]

Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported.

The security flaw affects Adobe Photoshop Creative Suite 3, as well as CS2, according to a security advisory issued by Secunia on Wednesday.

The vulnerability concerns the way Adobe Photoshop handles the processing of malicious bitmap files, such as .bmp, .dib, and .rle. A malicious attacker could exploit the flaw with a buffer overflow attack, followed by remotely taking over a user's system.

Although a security researcher has published code to demonstrate how to exploit the vulnerability, Secunia has yet to detect any malicious use of the code, said Thomas Kristensen, Secunia's chief technology officer.

"There are no active exploits out there yet, but any attacks will be limited," Kristensen said. "Photoshop is primarily used by advertising agencies and image editors and not a lot of private individuals."

Until Adobe Systems develops a fix, Secunia advises users to forgo opening bitmap files where the source of the file is not clear or verifiable.

A researcher named Marsu is credited with discovering the vulnerability.

Adobe, meanwhile, issued a statement saying it has been notified of the potential Photoshop security flaw and is investigating the issue.

Adobe recently released Photoshop CS3, which was part of its larger Creative Suite 3 product line, or next-generation design and Web applications. Adobe noted it will update customers on its Photoshop CS3 investigation as it learns more.

Source:→ C|net

Adobe, Photosjop, Exploit Code, Vunlerability, Flaw, Bug, Released