ID: 3609
Date: 01/05/2008
Title: 3609 - Photoshop Album Starter Edition 3.2
Platform level affected: Net Application - Client
Hardware components affected: Intel PC
Specific operating systems components affected: 32-bit Windows
Net-enabled software: Enterprise Application
Other software: Office Automation
Remediation Summary: The manufacturer has reported a problem with this product but has yet to publish a solution. CPNI advise that additional care is exercised when using this product.
Vendors affected: Adobe
Applications affected: Photoshop Album Starter Edition 3.2
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Unknown
Potential Damage: Remote execution/modification
Possible Duration: Unknown
Availability of fix: Future
Type of fix: Patch
Source: http://www.adobe.com/support/security/advisories/apsa08-04.html
Reliability of source: Trusted
Source URL: http://www.adobe.com/support/security/advisories/apsa08-04.html
CVE: CVE-2008-1765
Abstract: This advisory concerns an Adobe vulnerability notice about a recently published security issue in Adobe Photoshop Album Starter Edition 3.2 that could potentially cause code execution.
Potential vulnerability in Photoshop Album Starter Edition 3.2
Release date: April 21, 2008
Vulnerability identifier: APSA08-04
CVE number: CVE-2008-1765
Platform: Windows
Affected Software: Photoshop Album Starter Edition 3.2
Summary
Adobe is aware of a recently published security issue in Adobe Photoshop Album Starter Edition 3.2 that could potentially cause code execution. An attacker would need to convince a user to open a malicious BMP file to successfully exploit the issue. This issue does not affect Photoshop or Photoshop Elements users who have already applied the updates described in Security Bulletin APSB07-13.
Details
An attacker would need to convince a user to open a malicious BMP file in Photoshop Album Starter Edition to successfully exploit the issue. Adobe recommends that customers exercise caution when receiving unsolicited or suspicious BMP files. This issue does not affect Photoshop or Photoshop Elements users who have already applied the updates described in Security Bulletin APSB07-13.
Adobe is working to address the issue in the affected product. Further details will be published on the Adobe Security Bulletin page at http://www.adobe.com/support/security. All documented security vulnerabilities and their solutions are distributed through the Adobe security notification service. You can sign up for the service at the following URL:
http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert.
Severity Rating
Adobe categorizes this as a critical issue and recommends that Photoshop Album Starter Edition 3.2 customers exercise caution when receiving unsolicited or suspicious BMP files.
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
Thu, 01 May 2008 16:29:00 GMT
Domain affected: Technical