Adobe has issued a prepatch advisory for a critical vulnerability in Photoshop Album Starter Edition 3.2, its free image-manipulation software product.
The flaw, which affects Windows users, could be exploited to launch code execution attacks if the target is tricked into opening a malicious BMP file.
The vulnerability remains unpatched.
“Adobe categorizes this as a critical issue and recommends that Photoshop Album Starter Edition 3.2 customers exercise caution when receiving unsolicited or suspicious BMP files,” the company said.
Adobe’s confirmation follows the public release of exploit code detailing buffer overflows in the way the software program parses header images.
According to a post on the Full Disclosure mailing list, the vulnerability is also present in Adobe After Effects CS3 and Adobe Photoshop CS3.
However, Adobe says Photoshop or Photoshop Elements users who have already applied the updates described in Security Bulletin APSB07-13 are not affected.
Secunia rates this as a “highly critical” issue and notes that the vulnerability can also be exploited when a malicious storage device (USB drives, cameras, etc.) is being attached to a vulnerable computer.
* Photo credit: superfem (Creative Commons 2.0).