Critical buffer overflow vulnerability in Photoshop CS6

Adobe has released an update for Photoshop CS6 that closes a critical heap-based buffer overflow vulnerability (CVE-2012-4170) in its popular graphics editing program. Both the Mac and Windows versions of Photoshop CS6 (aka Photoshop 13.0) contain a critical vulnerability that could allow an attacker to take control of affected systems.

Furthermore, company officials say Adobe is unaware of any attacks against this vulnerability.That said, the Photoshop 13.0.1 update contains 75 other bug fixes, including 31 for problems known to cause crashes, 18 pertaining to 3D features, and 15 for drawing and graphics features.

Adobe said that users and administrators can download and install the patch by lunching the “update” tool within the Photoshop help menu.The company credited a pair of Secunia researchers in discovering and reporting the flaw directly.

According to a Secunia advisory, the problem is caused by a boundary error in the “Standard MultiPlugin.8BF” module when processing certain PNG image files. Both Windows and Mac OS X versions of Photoshop CS6 (13.0) are affected and upgrading to the new 13.0.1 release fixes the problem.