initial commit

1 files changed, 14 insertions, 0 deletions

diff --git a/published/Webmonkey/Monkey_Bites/2007/04.30.07/Mon/photoshopflaws.txt b/published/Webmonkey/Monkey_Bites/2007/04.30.07/Mon/photoshopflaws.txt
new file mode 100644
index 0000000..f47a075
--- /dev/null
+++ b/published/Webmonkey/Monkey_Bites/2007/04.30.07/Mon/photoshopflaws.txt
@@ -0,0 +1,14 @@
+Photoshop isn't high on most people's list of ways to hijack a computer, but that doesn't mean it's immune to security risks. Two new flaws have recently been found in venerable photo editing program, including one that allows the execution of arbitrary code.
+
+The latest vulnerability, according to Secunia, a security research firm, is caused by a [boundary error in the PNG Photoshop Format Plugin][1]. The flaw has been confirmed in CS2 and is believed to affect the new CS3 as well.
+
+That news comes on heals of an announcement last week that a flaw in the way Adobe Photoshop handles Bitmap files leaves it open to [exploitation via malicious BMP files][2].
+
+
+Technically these exploits are not limited to Photoshop, but affect any Adobe product using the plug-ins. Secunia reports that that the BMP exploit has been tested in the wild, but the PNG remains thus far only theoretical.
+
+Still, since Adobe has not released any patches yet, Secunia recommends that users not open untrusted .bmp or .png files.
+
+
+[1]: http://secunia.com/advisories/25044/ "PNG File Handling Buffer Overflow"
+[2]: http://secunia.com/advisories/25023/ "Adobe Photoshop Bitmap File Handling Buffer Overflow Vulnerability "
\ No newline at end of file