Critical vulnerability in Photoshop

Marsu has reported a vulnerability in Adobe Photoshop, which can be exploited by malicious people to compromise a user’s system. SecurityFocus has provided a code example on their website.

The vulnerability is caused due to an error within the handling of Bitmap files (e.g. .BMP, .DIB, .RLE) and can be exploited to cause a stack-based buffer overflow via a specially crafted Bitmap file.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in Adobe Photoshop CS2 and CS3. Other versions may also be affected.

Solution:
Do not open untrusted Bitmap files.

2 thoughts on “Critical vulnerability in Photoshop