Exploit code for a critical vulnerability for Adobe Photoshop has been made publicly available.

US-CERT warns:

US-CERT is aware of a possible vulnerability in Adobe Photoshop that may allow an attacker to cause a stack-based buffer overflow. By persuading a user to open a crafted bitmap file (e.g., .BMP, .DIB, .RLE), an attacker may be able to execute arbitrary code on the user’s system.

US-CERT recommends that users not open untrusted bitmap files, and will continue to investigate and provide additional information as it becomes available.

[Adobe Photoshop Bitmap File Handling Vulnerability]

Corel Paint Shop Pro users should also be aware that there is a different flaw in that program that is currently being exploited. That exploit uses .clp files.

Currently, there are no patches available for the Adobe or Corel exploits. As always, you must be very careful when opening files received by email. Don’t forget that emails maybe forged and may not actually be from the stated sender. If you’re not expecting a file, and receive one from a trusted sender, it’s always best to still check with them by phone or IM to ensure they sent it to you.

[tags]adobe photoshop, photoshop, corel, paint shop pro, corel paint shop pro, bmp, vulnerability, security[/tags]