Danish security clearinghouse Secunia says the researcher Marsu has discovered a vulnerability in Adobe Photoshop attackers could exploit to cause a stack-based buffer overflow and run malicious code.
The problem is an error in the BMP.8BI Photoshop format plug-in that surfaces when Bitmap files are handled. This can be exploited to cause a stack-based buffer overflow via a specially crafted Bitmap file, and successful exploitation can lead to the execution of malicious code, the firm said.
Secunia confirmed the flaw in Adobe Photoshop CS2 and CS3. It warned users not to open untrusted Bitmap files.
A variation of the flaw appears to affect Winamp. In this case, the problem is an error in how MP4 files are handled and can be exploited to cause memory corruption via a specially crafted MP4 file, Secunia said.
The vulnerability is reported in version 5.34 and Secunia recommends users steer clear of untrusted MP4 files.