Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported.
The vulnerability concerns the way Adobe Photoshop handles the processing of malicious bitmap files, such as .bmp, .dib and .rle. A malicious attacker could exploit the flaw to launch a buffer overflow attack. That buffer overflow would then allow the intruder to take over a user's system.
Although a security researcher has published code to demonstrate how to exploit the vulnerability, Secunia has yet to detect any malicious use of the code, said Thomas Kristensen, Secunia's chief technology officer.
"There are no active exploits out there yet, but any attacks will be limited," Kristensen said. "Photoshop is primarily used by advertising agencies and image editors and not a lot of private individuals."
Until Adobe Systems develops a fix, Secunia advises users to forgo opening bitmap files where the source of the file is not clear or verifiable.
A researcher named Marsu is credited with discovering the vulnerability.
Adobe, meanwhile, issued a statement saying it has been notified of the potential Photoshop security flaw and is investigating the issue.
C/Net is leaving out some critical information yet again.
Which PhotoShop platform does this effect?
Mac? Windows? or Both?
Of Adobe's total sales, slightly less than 50% are for the Mac platform. I don't know what it is just for PhotoShop alone.
Since the percentage of Mac to Windows is somewhat greater for PhotoShop users than the standard 5/95 ratio for computer users in general, you'd think the affected operating system would be mentioned at least once.
Three bitmap filetypes are mentioned, .bmp, .dib and .rle. Are these the only types affected? If so perhaps it's not such a big deal, especially for Mac users (if the exploit works on Macs too) as those aren't used that much in serious Photoshop work.
Three bitmap filetypes are mentioned, .bmp, .dib and .rle. Are these the only types affected? If so perhaps it's not such a big deal, especially for Mac users (if the exploit works on Macs too) as those aren't used that much in serious Photoshop work.
CNET conveniently forgets to mention it's a WINDOWS problem..!
What lame reporting CNET has done again, took me 2 clicks to find the truth about the exploit but CNET doesn't even bother to mention in the article what OS this exploit affects..
This is just an expoit example where "Marsu" chose to use Calc to prove it could run anything, yet make it harmless at the same time. Chances are "Marsu" hasn't even got a Mac to test it on...
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
Tor's "obfsproxy" technology would make encrypted data look innocuous and let it dodge government censors. That could help citizens in Iran reach blocked sites as antigovernment protests reportedly loom.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
Which PhotoShop platform does this effect?
Mac? Windows? or Both?
Of Adobe's total sales, slightly less than 50% are for the Mac
platform. I don't know what it is just for PhotoShop alone.
Since the percentage of Mac to Windows is somewhat greater for
PhotoShop users than the standard 5/95 ratio for computer
users in general, you'd think the affected operating system
would be mentioned at least once.
<a class="jive-link-external" href="http://milw0rm.com/exploits/3793" target="_newWindow">http://milw0rm.com/exploits/3793</a>
* This sploit runs calc.exe.
* Tested against Win XP SP2 FR.
* Have Fun!
CNET = "The National Enquirer"
doesn't, they forget to tell us what platforms it affects.
Next time, read your source.
Thanks
~vjp~