Adobe has released updates for its Flash Player and Photoshop CS2/CS3 software to fix holes that can be exploited by attackers, for instance to inject malicious code through specially crafted web pages or e-mail attachments.

“While an input validation error could lead to arbitrary code execution in Flash Player 9.0.45.0 and prior versions, insufficient validation of the HTTP Referer in Flash Player 8.0.34.0 and earlier versions might help attackers to execute cross-site scripting attacks. Another security problem related to the Opera and Konqueror browsers exists in Flash Player 7 (version 7.0.70.0) for Linux and Solaris, but Adobe does not provide more detailed information on this issue. The vendor advises users to upgrade to version 9.0.47, but also provides patches for other versions of the software.”

“The updates for Photoshop CS2 and CS3 fix the vulnerabilities detected by Marsu at the end of April. These can be triggered when manipulated BMP, DIB, RLE and PNG image files are handled, and could lead to arbitrary code injection and execution. A malicious image, e.g., from an e-mail attachment, must be opened in Photoshop in order to achieve this. Links to patches for Windows and Mac OS X are provided in the security advisory. The vendor advises users to install the update as soon as possible. ”

Reported by heise-security UK.

Download Flash Player update and read more
Download Photoshop CS2 and CS3 updates and read more

vivek