Tuesday, April 22, 2008

Photoshop Executes Injected Code

Via heise Security News.

Scott Laurie has discovered a vulnerability in Adobe's Photoshop CS3, After Effects CS3 and Photoshop Album Starter Edition that attackers can use to inject trojans using manipulated images. Security specialist Kevin Finisterre has also reported the flaw. No updates that remedy the flaw have yet been released.

Laurie writes that the Adobe products in question do not check the headers of image files when processed, but merely assumed that the values are valid. As a result, buffer overflows can occur, allowing execution of any injected code. In his security advisory, Laurie provides some sample code of a specially crafted BMP file to demonstrate the vulnerability in Photoshop Album Starter Edition 3.2 under Windows XP SP2.

The flaw can be exploited when the software opens manipulated files. Photoshop Album Starter Edition also automatically searches removable media, such as USB sticks, when they are connected to the computer allowing manipulated files to inject malicious code as soon as the USB stick is plugged in. Apparently, this attack succeeds whenever the computer is running – even when it is locked.

More here.

0 Comments:

Post a Comment

<< Home