Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Buffer Overflows In Adobe Products SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Buffer Overflows In Adobe Products
Seems as if there is a Buffer Overflow in multiple Adobe products.  According to the exploit the following products are affected:

The PNG exploit affects:
 -Photoshop CS2                                                         
-Photoshop CS3
-Photoshop Elements 5.0
-Corel Paint Shop Pro 11.20

And the Bitmap exploit affects:

 -Photoshop CS2                                                         
-Photoshop CS3
The solutions for these exploits, basically, is not to open untrusted .png, .bmp, .dib, or .rle files.   The possibility for remote shells and command execution do exist.   So be cautious.  I am sure there will be more to come.

Joel Esler
http://handlers.sans.org/jesler


Joel

454 Posts
ISC Handler
Apr 30th 2007

Sign Up for Free or Log In to start participating in the conversation!