A “highly-critical” security flaw in Adobe Photoshop CS2 and CS3 that could allow remote hackers to access your computer has been reported by security company Secunia.

The flaw involves the way that Photoshop processes bitmap files, such as BMP, DIB and RLE, and allow malicious coders to launch buffer overflow attacks.

A buffer overflow attack is where a hacker purposely causes a program to experience an error, so that they can insert their own code, which is then executed.

The flaw was discovered by French security researcher “Marsu”, who tested it against Windows XP SP2.

While code has been published by MilwOrm to demonstrate how the flaw can be exploited, Secunia says that there are no active exploits at the moment.

To be affected by this flaw, you would have to receive a bitmap image (most likely via email) and load it into Photoshop.

If you’re concerned about this error, Secunia’s advice is to avoid opening bitmap images from unknown or untrusted sources with Photoshop.

Adobe is investigating the issue, and will advise customers as soon as it understands the problem.

The original advisory may be viewed here.

What happened to the good old days when you could use your image editor without worrying about whether your system might be taken over by hackers?

Related:

Entry was posted on Sunday, April 29th, 2007 at 12:32 pm under Security.

Read more entries by John Pospisil.
Stumble It!