Adobe warns of critcial vulnerabilities in Photoshop Elements
Adobe is warning users of security vulnerabilities in Photoshop Elements, the consumer version of its image editing program. According to the company, all versions from 1.0 up to and including 8.0 for Windows contain buffer overflow bugs, which Adobe rates as "Critical"; these could potentially be exploited by an attacker to compromise a victim's system by executing arbitrary code. For an attack to be successful, a victim must first open a malicious gradient (.grd) or brush (.abr) file.
As Photoshop Elements 8 is no longer supported, no updates will be provided to fix these bugs; version 9 and 10 are not affected. The company advises users to not open files from untrusted sources or to upgrade to version 10, which is a new paid version. The holes were discovered by Gjoko Krstic from Zero Science Lab.
- Security Advisory for Adobe Photoshop Elements 8, security advisory from Adobe.