The vulnerabilities affect the way that Photoshop processes certain types of images, and each can be exploited when a user opens a specially-crafted .png, .bmp, .dib or .rle bitmap image files. Both vulnerabilities affect Photoshop CS2 and CS3. The .png vulnerability also affects Photoshop Elements 5.x.
When exploited, both vulnerabilities could allow an attacker to remotely execute code on a user's system. No active attacks targeting the vulnerabilities have been reported. Discovery of both vulnerabilities is credited to a security reearcher by the name of "Marsu" on the milw0rm.com vulnerability disclosure site.
Security company Secunia rated both of the vulnerabilities as "highly critical", the company's second-highest alert level. Secunia advises users not to open untrusted .png, .bmp, .dib and .rle files.
A spokesperson said that the company is currently investigating the reports and declined any further comment.
_(22).jpg&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
