ATENCIÓN, vulnerabilidad en Adobe Photoshop

Cuidado con las imágenes con extensión BMP, DIB o RLE que os descarguéis por ahí, ya que a salido una vulnerabilidad con la cual el archivo puede estar corrupto, y al ser ejecutado con Adobe Photoshop CS2 o CS3 comprometer la seguridad de nuestra maquina. Se puede ejecutar una shell remota con control total, pudiendo meternos lo que se os ocurra. Hasta la fecha no hay parche.

El anuncio original publicado en FrSIRT (la web ya no está disponible) :

A vulnerability has been identified in Adobe Photoshop, which could be exploited by attackers to cause a denial of service or execute arbitrary code. This issue is caused by buffer overflow errors when handling a malformed «BMP», «DIB» or «RLE» file, which could be exploited by attackers to take complete control of an affected system by tricking a user into opening a specially crafted file using a vulnerable application.

Affected Products

Adobe Photoshop CS3
Adobe Photoshop CS2

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/1523

Credits

Vulnerability reported by Marsu

ChangeLog

2007-04-24 : Initial release

Vulnerability Management

Receive up-to-the-minute alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available. Subscribe to FrSIRT VNS.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Ir arriba