Security bulletin

Security Advisory for Adobe Photoshop Elements 8

Release date: September 30, 2011

Vulnerability identifier: APSA11-03

CVE number: CVE-2011-2443

Platform: Windows

Summary

Critical vulnerabilities exist in Adobe Photoshop Elements 8.0 and earlier versions. These vulnerabilities (CVE-2011-2443) could cause a crash and potentially allow an attacker to take control of the affected system. An attacker would need to convince a user to open a malicious binary .grd or .abr file to successfully exploit the issue. Adobe is not aware of any attacks exploiting these vulnerabilities against Adobe Photoshop Elements to date. Photoshop Elements 10 and Photoshop Elements 9 are not vulnerable to this issue.

Affected software versions

Adobe Photoshop Elements 8.0 and earlier versions for Windows

Solution

Because Photoshop Elements 8 is no longer supported, Adobe recommends users upgrade to Photoshop Elements 10. Users who cannot upgrade to Photoshop Elements 10 should not open .grd or .abr files from untrusted sources.

Severity rating

Adobe categorizes this as a critical issue.

Details

Critical vulnerabilities exist in Adobe Photoshop Elements 8.0 and earlier versions. These two buffer overflow vulnerabilities (CVE-2011-2443) could cause a crash and potentially allow an attacker to take control of the affected system. An attacker would need to convince a user to open a malicious binary .grd or .abr file to successfully exploit the issue. Adobe is not aware of any attacks exploiting these vulnerabilities against Adobe Photoshop Elements to date. Photoshop Elements 10 and Photoshop Elements 9 are not vulnerable to this issue. Because Adobe Photoshop 8 and earlier versions are no longer supported, Adobe recommends users upgrade to Photoshop Elements 10 or Photoshop Elements 9.

Acknowledgments

Adobe would like to thank Gjoko Krstic of Zero Science Lab (CVE-2011-2443) [PSIRT ID 447-448] for reporting the relevant issue and for working with Adobe to help protect our customers.