Description: A vulnerability has been reported in multiple Adobe products, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error when handling BMP files. This can be exploited to cause a buffer overflow via a BMP file having a malformed header.
Successful exploitation may allow execution of arbitrary code via a specially crafted BMP file.
NOTE: Reportedly, the vulnerability can also be exploited when a malicious storage device (e.g. USB drives, cameras) is being attached to a vulnerable computer.
The vulnerability is reported in Adobe Photoshop Album Starter Edition 3.2 and Adobe After Effects CS3. Other versions may also be affected.
Solution: Do not process untrusted BMP files using the affected applications.
Do not connect untrusted storage devices to the local computer.
Provided and/or discovered by: Scott Laurie
Changelog: 2008-05-07: Added vendor link to the "Original Advisory" section.
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
