Exploit code released for Adobe Photoshop flaw

Security flaw is deemed "highly critical," but no malicious use of the code has been discovered so far, Secunia says.

Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported.

The security flaw affects Adobe Photoshop Creative Suite 3, as well as CS2, according to a security advisory issued by Secunia on Wednesday.

The vulnerability concerns the way Adobe Photoshop handles the processing of malicious bitmap files, such as .bmp, .dib and .rle. A malicious attacker could exploit the flaw to launch a buffer overflow attack. That buffer overflow would then allow the intruder to take over a user's system.

Although a security researcher has published code to demonstrate how to exploit the vulnerability, Secunia has yet to detect any malicious use of the code, said Thomas Kristensen, Secunia's chief technology officer.

"There are no active exploits out there yet, but any attacks will be limited," Kristensen said. "Photoshop is primarily used by advertising agencies and image editors and not a lot of private individuals."

Until Adobe Systems develops a fix, Secunia advises users to forgo opening bitmap files where the source of the file is not clear or verifiable.

A researcher named Marsu is credited with discovering the vulnerability.

Adobe, meanwhile, issued a statement saying it has been notified of the potential Photoshop security flaw and is investigating the issue.

Adobe recently released Photoshop CS3, which was part of its larger Creative Suite 3 product line, or next-generation design and Web applications. Adobe noted that it will update customers on its Photoshop CS3 investigation as it learns more.

Featured Video

Your Black Friday shopping survival guide

Ready to battle for deals? Bridget Carey helps you plan your strategy with tips on smartphone apps, where to find the best deals, and when to avoid the stores.

by Bridget Carey