Alert Date: 04/23/08

Alert Title: *UNPATCHED* Vulnerability in Photoshop Album Starter Edition 3.2

Update-to: None.

OS/Platform/Application:

Adobe Photoshop Album Starter Edition 3.2
(on all supported systems)

Category: ALERT

Severity: MEDIUM

Attention: Photoshop Album Starter Edition 3.2 users, System Administrators, Desktop Support Personnel

Summary: Multiple Internet security resources are currently reporting the existence of a security vulnerability in Adobe systems' Photoshop Album Starter Edition 3.2 software.  Photoshop Album starter is a popular freeware photo editing and sharing application.  The most likely mechanism of exploitation for this vulnerability is the opening of maliciously-crafted Bitmap (.BMP) files.  Successful exploitation of a vulnerable computer could result in a range of unfavorable outcomes including program/system crash and complete system takeover.

Recommended Actions:  At the time of this writing (9:15 AM 4/23/08) no patch for this vulnerability has been made available from the vendor.  Adobe has published a security advisory that pertains to the vulnerability and is currently rating it as a critical issue.  Photoshop Album Starter Edition 3.2 users and system administrators/support personnel are encouraged to read the security advisories (safe links provided below) and to USE EXTREME CAUTION in the handing of bitmap (.BMP) files, especially ones sent from untrusted resources and/or found on websites, documents, etc.  

Readers are encouraged to share this alert with family, friends, and associates who may use Photoshop Album Starter Edition 3.2 on their home PCs.

ITS Actions: N/A

Resources:

Adobe Security Advisory:
http://www.adobe.com/support/security/advisories/apsa08-04.html

Secunia Advisory (also details a similar issue with Adobe After Effects CS3):
http://secunia.com/advisories/29838/