Malware infestation through bmp files in Photoshop
A bug has been detected in the Creative Suite 2 and Creative Suite 3 versions of the Adobe Photoshop image editing software, encountered when malformed bitmap files are processed. These files with bmp, dib or rle extensions may trigger a buffer overflow that could be exploited by hackers for arbitrary code execution.
Marsu, who has detected this hole, has provided a sample exploit, which can be used to create manipulated bitmap files to exploit the problem, but does not provide more detailed information on this flaw. So far, Adobe has not published an update to fix this vulnerability. Until a patch is available, users of the affected Photoshop versions are advised only to open bitmap files from trusted sources.
- Adobe Photoshop CS2 / CS3 Unspecified .BMP File Buffer Overflow, sample exploit published by Marsu