0 Replies Latest reply on Apr 22, 2008 11:25 AM by HarryWaldron

    Adobe Photoshop - Unpatched BMP image vulnerability

      Adobe is working to promptly correct this security issue. Users should be careful in loading image files into the Photoshop environment (esp. from email, USB devices, or any other untrusted sources)

      Adobe Products BMP Handling Buffer Overflow Vulnerability
      http://secunia.com/advisories/29838/

      QUOTE: Successful exploitation may allow execution of arbitrary code via a specially crafted BMP file. Reportedly, the vulnerability can also be exploited when a malicious storage device (e.g. USB drives, cameras) is being attached to a vulnerable computer. The vulnerability is reported in Adobe Photoshop Album Starter Edition 3.2 and Adobe After Effects CS3. Other versions may also be affected.

      Solution: Do not process untrusted BMP files using the affected applications. Do not connect untrusted storage devices to the local computer.

      Original Advisory - Adobe:
      http://www.adobe.com/support/security/advisories/apsa08-04.html
      http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0551.html