Software update for Adobe Photoshop CS4
Adobe has released Photoshop CS4 version 11.0.2 for Windows and Mac OS X to close holes in the code for processing ASL, ABR and GRD files. The holes allow attackers to gain control of a computer via specially crafted files. To fall victim to the attack, users must manually open the file in Photoshop. Photoshop CS5 is not affected.
All the holes involve buffer overflows that allow arbitrary code to be injected and executed.
See also:
- Security update available for Adobe Photoshop CS4
- Adobe Photoshop CS4 Extended 11.0 ABR File Handling Remote Buffer Overflow PoC
- Adobe Photoshop CS4 Extended 11.0 GRD File Handling Remote Buffer Overflow PoC
- Adobe Photoshop CS4 Extended 11.0 ASL File Handling Remote Buffer Overflow PoC
(djwm)