Vulnerabilidad en Adobe Photoshop CS2 y CS3
Se ha descubierto recientemente que las versiones CS2 y CS3 de Adobe Photoshop, contiene un gran error a la hora de abrir una imagen con extensión PNG. Si estas imágenes estuviera corruptas y contuviera una shell, nuestra máquina podría verse gravemente afectada y el atacante obtener el control total de nuestro pc.
Por ahora no hay ningún parche para esta vulnerabilidad.
Anuncio de FrSIRT:
A vulnerability has been identified in Adobe Photoshop, which could be exploited by attackers to cause a denial of service or execute arbitrary code. This issue is caused by buffer overflow errors when handling a malformed “BMP”, “DIB” or “RLE” file, which could be exploited by attackers to take complete control of an affected system by tricking a user into opening a specially crafted file using a vulnerable application.
Affected Products
Adobe Photoshop CS3
Adobe Photoshop CS2
Solution
The FrSIRT is not aware of any official supplied patch for this issue.
References
http://www.frsirt.com/english/advisories/2007/1523
Credits
Vulnerability reported by Marsu
ChangeLog
2007-04-24 : Initial release
Receive up-to-the-minute alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available. Subscribe to FrSIRT VNS.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
Enlace: http://www.frsirt.com/english/
