Photoshop’s Second Flaw Is Associated With PNG Files

Marsu, who discovered a flaw in Adobe Photoshop in the last week of April 2007, posted exploit code for another new vulnerability in the software on May 1, 2007.

The flaw is in the routine that processes PNG (Portable Network Graphics) files. As with the earlier exploit, a maliciously crafted file causes a buffer overflow. A successful exploit allows execution of arbitrary code.

Marsu found the earlier Photoshop flaw in the handling of BMP and associated files. At that time, i.e. the last week of April 2007, iTWire warned that similar flaws were likely in Photoshop's routines for dealing with other kinds of files. That has turned out to be true. Marsu published both exploit codes on the milw0rm website.

According to an advisory by Secunia, the bug is within the PNG.8BI plug-in. The latest vulnerability exists in versions CS3 and CS2 of Photoshop and version 5 of Photoshop Elements, and it is likely that other Photoshop products have it too.

A malicious PNG file can exploit the flaw to trigger a stack-based buffer overflow. Secunia has advised users not to open dubious PNG files.

On May 1, 2007, a spokesman for Adobe said that the company was investigating the problem to assess the level of threat posed by the vulnerability and whether any further action was necessary. SCMagazine published this on May 1, 2007.

The Photoshop flaw disclosed in April is due to incorrect processing of bitmap files. Secunia rated it "highly critical".

Talking about the previous flaw, Marsu said on the milw0rm site that PNG files could do just as well as bitmap files.

Although that exploit code was written specifically for Windows, nobody has yet claimed that the plug-in in the Mac version doesn't have the same flaw.

PNG.8BI has an open source alternative, SuperPNG, which claims to be faster than Adobe's plug-in and to produce smaller PNG files. According to Marsu, his code works even in Corel Paint Shop Pro 11.20 and is valid on Windows XP Service Pack 2.

» SPAMfighter News - 5/7/2007
