Photoshop isn't high on most people's list of ways to hijack a computer, but that doesn't mean it's immune to security risks. Two new flaws have recently been found in venerable photo editing program, including one that allows the execution of arbitrary code.

The latest vulnerability, according to Secunia, a security research firm, is caused by a [boundary error in the PNG Photoshop Format Plugin][1]. The flaw has been confirmed in CS2 and is believed to affect the new CS3 as well.

That news comes on heals of an announcement last week that a flaw in the way Adobe Photoshop handles Bitmap files leaves it open to [exploitation via malicious BMP files][2].


Technically these exploits are not limited to Photoshop, but affect any Adobe product using the plug-ins. Secunia reports that that the BMP exploit has been tested in the wild, but the PNG remains thus far only theoretical.

Still, since Adobe has not released any patches yet, Secunia recommends that users not open untrusted .bmp or .png files.


[1]: http://secunia.com/advisories/25044/ "PNG File Handling Buffer Overflow"
[2]: http://secunia.com/advisories/25023/ "Adobe Photoshop Bitmap File Handling Buffer Overflow Vulnerability "