April 30, 2007 8:43 AM PDT

Critical flaw found in Photoshop plug-in

Security researchers have found a "highly critical" flaw in the portable-network graphics plug-in for the latest version of Adobe Systems' Photoshop Creative Suite, as well as for other versions of the software that run on Windows.

The portable-network graphics, or PNG, plug-in vulnerabilities were discovered in Adobe Photoshop Creative Suite 3 (CS3), Photoshop CS2, and Adobe Photoshop Elements (Editor) version 5.0 for Windows, according to a report released Monday by Secunia, which credited a researcher named "Marsu" with the discovery. Marsu tested a public exploit against versions of the software running on Windows XP SP2.

These security flaws follow a report last week by Marsu that identified another set of critical vulnerabilities in Adobe Photoshop CS3 and CS2 for Windows.

The vulnerabilities reported on Monday can be exploited via a boundary error in the PNG.8BI Photoshop format plug-in when processing PNG files. Using a malicious PNG file, attackers can trigger a buffer overflow and compromise the user's system.


10 comments

Adobe - open to attack? Good!
Adobe products have been attacking other applications and basically trying to take over personal computers. Adobe fixing the hole in that one program should be viewed as the big bully not getting what he deserved. Send the Grinch to work at Adobe for a while.
Posted by bobbydi (51 comments )
and Microsoft products...
...and Symantec's Norton product line and etc haven't done the same? and our ISP's haven't overcharged us as well as spied on our anti-spyware and other communications products? and Google doesn't warehouse the world's largest inventory of intimately personal information on each and every one on earth that uses the internet? and Sony didn't conscientiously nail our computers with the nastiest rootkit of all time? and Steve Jobs didn't know about the options deal??

please...the Grinch already works in the software industry and is the highest paid exec in the industry.

i don't mean to be sarcastic but really they all are criminals of greed and so forth. this stuff called software is a relatively brand new industry and the rules are still in their infancy. Supply and demand will rule eventually. And quality defines what governments, business enterprises and home users will pay.

Look at Win ME and now VISTA - dead in the water lol :p
Posted by i_made_this (302 comments )
GIMP
Yes, it doesn't have CMYK support, but the GIMP can do a lot. I use it for all my graphics work, and it handles all sorts of formats. Of course, then the "only open known files" line comes into play.
Posted by ben::zen (127 comments )
Oh NOES!!!!!
WAAAAAAAA there's a flaw in the programming! we're all going to get hacked!
Oh wait, you have to open a bunk png file to do so, probably specifically created to exploit this vulnerability. Not a huge deal if you ask me.
Posted by Wazzpants (1 comment )