Security Holes Found in Photoshop CS2, CS3

Unpatched vulnerabilities found in Adobe Photoshop CS2 and CS3 could put users' computers at risk.

Jeremy Kirk, IDG News Service

Tuesday, May 01, 2007 8:00 AM PDT

A pair of security vulnerabilities found in certain versions of Adobe Systems Inc.'s popular Photoshop products could put users' computers at risk, according to security researchers. Neither flaw has been patched yet.

One vulnerability is caused by an error in how the BMP.8BI Photoshop Format Plugin processes bitmap files, according to a warning posted by Secunia ApS, a security vendor based in Denmark. A malicious bitmap could cause a stack-based buffer overflow that would allow control over the victim's computer.

Secunia, which rates the problem as "highly critical," one of its more severe ratings, advised users not to open untrusted bitmap images. The problem affects Photoshop CS2 and CS3, and could affect other products, Secunia said.

A second vulnerability, also "highly critical," comes from a problem in the PNG.8BI Photoshop Format Plugin, Secunia said. A stack-based buffer overflow is also possible if a user opens a malicious .PNG file, an image format. Users should not open unexpected .PNG files.

Products affected included Photoshop CS2, CS3 and 5.x versions of Photoshop Elements, Secunia said in its warning. The vendor attributed the discovery of both vulnerabilities to a security researcher named Marsu.