A “highly-critical” security flaw in Adobe Photoshop CS2 and CS3 that could allow remote hackers to access your computer has been reported by security company Secunia.

The flaw involves the way that Photoshop processes bitmap files, such as BMP, DIB and RLE, and allow malicious coders to launch buffer overflow attacks.A buffer overflow attack is where a hacker purposely causes a program to experience an error, so that they can insert their own code, which is then executed.The flaw was discovered by French security researcher “Marsu”, who tested it against Windows XP SP2.

Marsu has discovered a vulnerability in Adobe Photoshop, which can be exploited by malicious people to compromise a user’s system.he vulnerability is caused due to an error within the BMP.8BI Photoshop Format Plugin when handling Bitmap files (e.g. .BMP, .DIB, .RLE). This can be exploited to cause a stack-based buffer overflow via a specially crafted Bitmap file.Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in Adobe Photoshop CS2 and reportedly affects Adobe Photoshop CS3. Other versions may also be affected.

While code has been published by MilwOrm to demonstrate how the flaw can be exploited.

Secunia says that there are no active exploits at the moment.To be affected by this flaw, you would have to receive a bitmap image (most likely via email) and load it into Photoshop.If you’re concerned about this error, Secunia’s advice is to avoid opening bitmap images from unknown or untrusted sources with Photoshop.

Adobe is investigating the issue, and will advise customers as soon as it understands the problem.The original advisory may be viewed here.