While public code has been posted by a researcher named Marsu, there are no reports of active exploits.
The bug resides in Photoshop CS2 and CS3, according to a Secunia advisory. As users await a patch, experts recommend not opening untrusted bitmap files, with extensions .bmp, .dib and .rle.
An Adobe spokesperson could not be reached for comment.