The portable-network graphics, or PNG, plug-in vulnerabilities were discovered in Adobe Photoshop Creative Suite 3 (CS3), Photoshop CS2, and Adobe Photoshop Elements (Editor) version 5.0 for Windows, according to a report released Monday by Secunia, which cited a researcher named "Marsu" with the discovery. Marsu tested a public exploit against versions of the software running Windows XP SP2.
These security flaws follow a report last week by Marsu thatin Adobe Photoshop CS3 and CS2 for Windows.
The vulnerabilities reported on Monday can be exploited via a boundry error in the PNG.8BI Photoshop format plug-in when processing PNG files. Using a malicious PNG file, attackers can exploit the flaws to launch a buffer overflow attack to compromise the user's system.