Security researchers are warning of a brace of unpatched flaws in Adobe Photoshop that allow hackers to gain control of vulnerable PCs.
The first vulnerability – which affects Adobe Photoshop CS2, Adobe Photoshop CS3, and Adobe Photoshop Elements 5.x – leaves users open to attack if they open malformed PNG graphics files.
Discovered by white hat hacker Marsu, the flaw stems from a stack-based buffer overflow bug in a Photoshop Format Plugin involved in handling PNG files.
Marsu has also discovered a similar buffer overflow vulnerability in Adobe Photoshop CS2 and Adobe Photoshop CS3 involved in the handling of Bitmap files.
Successful exploitation of either security bug allows the execution of arbitrary code. Users are advised not to open untrusted PNG or Bitmap files pending the release of a security update from Adobe. ®