Photoshop CS3 (#6): Two major security vulnerabilities extant, according to Secunia; continued installation issues

CNET staff

Sept. 2, 2009 1:26 a.m. PT

2 min read

Two major security flaws Secunia has published two advisories indicating serious security flaws in Photoshop CS3, as well as its CS2 predecessor.

The first flaw can be exploited by a maliciously crafted PNG file (a widely used format, especially in Web publishing) and works through boundary error within the PNG.8BI Photoshop Format Plugin. Once exploited, the flaw allows the potential for execution of arbitrary code.

The second flaw is similar in that it is exploitable through a maliciously crafted bitmap-formatted image through the BMP.8BI Photoshop Format Plugin (used to handle Bitmap files). It likewise holds the potential for arbitrary code execution.

Although there is no direct mention of Mac OS X vulnerability to these flaws, it appears that Mac versions of Photoshop CS3 and CS2 are potentially affected. We are awaiting confirmation from Adobe on that front.

Meanwhile, the temporary prophylactic against both flaws is to not open or use PNG or bitmap (.bmp) files from untrusted sources.

Continued installation issues Meanwhile, despite numerous available fixes (see the "previous coverage" section below), some users are still having difficulty installing Photoshop CS3.

MacFixIt reader Michael Berger writes:

"I spent 5 hours on the phone with adobe yesterday trying to get photoshop to launch. They took me to level 4 in the clean script while logged in as the root user and still nothing. I am on an MacBooPro with the intel. They left me with the promise they would get back to me in two days which I have no problem with I can just re-install CS2 I guess."

Feedback? Late-breakers@macfixit.com.

Previous coverage:

Resources

first flaw

second flaw

Late-breakers@macfixit.com

Photoshop CS3 (#5): More f...

Photoshop CS3 (#4): Beta m...

Photoshop CS3 (#3): Instal...

Adobe Creative Suite 3 (#2...

Adobe Creative Suite 3 (Ph...