03 Oct 2011
05 Oct 2011
Adobe Photoshop Elements 1.x
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Gjoko Krstic has discovered a vulnerability in Adobe Photoshop Elements, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error when processing certain structures within Brush (ABR) and Gradient (GRD) files. This can be exploited to cause a heap-based buffer overflow via a specially crafted ".abr" or ".grd" file.
Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious file.
The vulnerability is confirmed in version 8.0 20090905.r.605812 and reported by the vendor to affect versions 8.0 and earlier.
Upgrade to version 10.
Gjoko Krstic, Zero Science Lab.
Zero Science Lab: