Another critical flaw found in Photoshop CS3

Stephen Withers
Tuesday, 01 May 2007 07:05

Your IT - Home IT

Secunia has reported another "highly critical" security flaw in Photoshop CS3, the second in a week.

This time the problem involves the routine used to process PNG (Portable Network Graphics) files. It's another example of the old 'maliciously crafted file causes a buffer overflow' problem. A successful exploit allows the execution of arbitrary code.

The flaw was discovered by 'Marsu', who found last week's flaw in Photoshop's handling of BMP and related files. iTWire's warning at that time ("It is also possible that Photoshop's routines for handling other types of files have similar flaws") has thus been borne out.

The bug lies in the PNG.8BI plugin. Other software known to be vulnerable includes Photoshop CS2, Photoshop Elements 5 and Paint Shop Pro 11, but there could be others.

Marsu has posted a sample exploit, so users should add PNG to the list of files types to be avoided unless they come from a trusted source.

Although that exploit is coded specifically for Windows, nobody seems to be claiming that the Mac version of the plug-in doesn't contain the same vulnerability.

There is an open source alternative to PNG.8BI: SuperPNG claims to be faster than Adobe's plug-in, as well as generating smaller PNG files. iTWire makes no comment on how secure it is, or its compatibility with recent versions of Photoshop.