Monday, April 30, 2007 4:49 PM cmosby

SANS Internet Storm Center - Buffer Overflows In Adobe Products

 

Buffer Overflows In Adobe Products

Published: 2007-04-30,
Last Updated: 2007-04-30 20:39:18 UTC
by Joel Esler (Version: 1)

Seems as if there is a Buffer Overflow in multiple Adobe products.  According to the exploit the following products are affected:
The PNG exploit affects:

 -Photoshop CS2                                                         
 -Photoshop CS3                                                         
 -Photoshop Elements 5.0                                                
 -Corel Paint Shop Pro 11.20

And the Bitmap exploit affects:

 -Photoshop CS2                                                         
 -Photoshop CS3
The solutions for these exploits, basically, is not to open untrusted .png, .bmp, .dib, or .rle files.   The possibility for remote shells and command execution do exist.   So be cautious.  I am sure there will be more to come.
Joel Esler
http://handlers.sans.org/jesler

Source: SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc

Filed under: , ,

Comments

No Comments