The focus of this is for the Photoshop Elements software as it is more
common with home users than it's bigger sibling Photoshop.
Adobe Products PNG.8BI PNG File Handling Buffer Overflow
Secunia Advisory: SA25044
Release Date: 2007-04-30
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Photoshop Elements 5.x
Description:
Marsu has discovered a vulnerability in various Adobe Products, which
can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the PNG.8BI
Photoshop Format Plugin when handling PNG files. This can be exploited
to cause a stack-based buffer overflow via a specially crafted PNG file.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in Adobe Photoshop CS2 and Adobe
Photoshop Elements (Editor) version 5.0 for Windows and reportedly
affects Adobe Photoshop CS3.
Solution:
Do not open untrusted PNG files.
Provided and/or discovered by:
Marsu
Original Advisory:
http://milw0rm.com/exploits/3812
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================