Home / News & Blogs

Critical flaw found in Photoshop plug-in

Dawn Kawamoto | April 30, 2007 3:43 PM PDT

Summary

Vulnerability in graphics-file format plug-in discovered in Adobe Systems' Photoshop Creative Suite.

Topics

Dawn Kawamoto
Security researchers have found a "highly critical" flaw in the portable-network graphics plug-in for the latest version of Adobe Systems' Photoshop Creative Suite, as well as for other versions of the software that run on Windows.

The portable-network graphics, or PNG, plug-in vulnerabilities were discovered in Adobe Photoshop Creative Suite 3 (CS3), Photoshop CS2, and Adobe Photoshop Elements (Editor) version 5.0 for Windows, according to a report released Monday by Secunia, which cited a researcher named "Marsu" with the discovery. Marsu tested a public exploit against versions of the software running Windows XP SP2.

These security flaws follow a report last week by Marsu that identified another set of critical vulnerabilities in Adobe Photoshop CS3 and CS2 for Windows.

The vulnerabilities reported on Monday can be exploited via a boundry error in the PNG.8BI Photoshop format plug-in when processing PNG files. Using a malicious PNG file, attackers can exploit the flaws to launch a buffer overflow attack to compromise the user's system.

Security researchers have found a "highly critical" flaw in the portable-network graphics plug-in for the latest version of Adobe Systems' Photoshop Creative Suite, as well as for other versions of the software that run on Windows.

The portable-network graphics, or PNG, plug-in vulnerabilities were discovered in Adobe Photoshop Creative Suite 3 (CS3), Photoshop CS2, and Adobe Photoshop Elements (Editor) version 5.0 for Windows, according to a report released Monday by Secunia, which cited a researcher named "Marsu" with the discovery. Marsu tested a public exploit against versions of the software running Windows XP SP2.

These security flaws follow a report last week by Marsu that identified another set of critical vulnerabilities in Adobe Photoshop CS3 and CS2 for Windows.

The vulnerabilities reported on Monday can be exploited via a boundry error in the PNG.8BI Photoshop format plug-in when processing PNG files. Using a malicious PNG file, attackers can exploit the flaws to launch a buffer overflow attack to compromise the user's system.

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity