31 Aug 2012
03 Sep 2012
Adobe Photoshop CS6 13.x
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Two vulnerabilities have been discovered in Adobe Photoshop, which can be exploited by malicious people to compromise a user's system.
1) A boundary error in the "Standard MultiPlugin.8BF" module when processing a Portable Network Graphics (PNG) image can be exploited to cause a heap-based buffer overflow via a specially crafted "tRNS" chunk size.
2) Insufficient validation in Photoshop.exe when decompressing SGI24LogLum-compressed TIFF images can be exploited via a specially crafted TIFF image to cause a heap-based buffer overflow.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening a malicious image.
Update to version 13.0.1.
1) Francis Provencher via Secunia.