Adobe Photoshop - Unpatched BMP image vulnerability - Security Protection

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Adobe Photoshop - Unpatched BMP image vulnerability

Adobe is working to promptly correct this security issue. Users should be careful in loading image files into the Photoshop environment (esp. from email, USB devices, or any other untrusted sources)

Adobe Products BMP Handling Buffer Overflow Vulnerability
http://secunia.com/advisories/29838/

QUOTE: Successful exploitation may allow execution of arbitrary code via a specially crafted BMP file. Reportedly, the vulnerability can also be exploited when a malicious storage device (e.g. USB drives, cameras) is being attached to a vulnerable computer. The vulnerability is reported in Adobe Photoshop Album Starter Edition 3.2 and Adobe After Effects CS3. Other versions may also be affected.

Solution: Do not process untrusted BMP files using the affected applications. Do not connect untrusted storage devices to the local computer.

Original Advisory - Adobe:
http://www.adobe.com/support/security/advisories/apsa08-04.html
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0551.html

Posted: Apr 22 2008, 03:50 PM by Harry Waldron | with no comments

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.