Vulnerability in Photoshop Products Allow Malicious Code Injection
Scott Laurie, discoverer of vulnerability in Adobe's Photoshop CS3, Photoshop Album Starter Edition and After Effects CS3, said that it could be exploited to inject trojans in computers running any of the programs through manipulated images, as reported by Heise-Online on April 22, 2008.
In an advisory issued on April 22, 2008, the vulnerability in the products has been described as "highly critical", which is the result of a boundary fault in handling BMP files. The vulnerability could be further exploited to initiate a heap buffer overflow with the help of a BMP file containing a distorted header.
Although the security hole is reported in Photoshop, Adobe Effects CS3 and Photoshop Album Starter Edition 3.2,...
» SPAMfighter News - 25-04-2008