DTP


 
Lively discussions on the graphic arts and publishing — in print or on the web


07-21-2007, 08:32 PM   #8
curveto
Quote:
Originally Posted by Andrew B.
I never would have guessed that a PNG opened in Photoshop (and only Photoshop) can compromise a computer.

Any data that is blindly read (typically but not necessarily from an unverifiable source) can. ...and in any process or kernel extension (driver). Someone just found this particular instance.

Unfortunately, the rapid pace of development combined with use of languages/tools whose default behavior is to allow blind writes to memory (C, C++ and many others) leads sloppy development teams to create thousands upon thousands of vulnerabilities in essentially every application on your system (let alone the system itself). That said, given the current system landscape (Windows XP, OS X, Linux), a compromised application can generally only do what your user can do. If the user is prohibited from administrative activities (and the application has been installed to run with those credentials ... the Task Manager will tell you) the application will be too.

You can limit your exposure to buffer overruns on Windows running newer hardware by doing the following:

1) Right-click on My Computer;
2) Select Properties;
3) Select the Advanced tab;
4) In the Performance frame click the Settings button;
5) In Performance Options (window) select the Data Execution Prevention tab;
6) Enable DEP (some motherboards/systems don't support this feature, btw)

Then...

If you find that enabling DEP leads to any process (application) crash, you have encountered a buffer overrun. If you can repeat the condition and cause/stop it from occurring via enabling/disabling DEP, call the vendor and provide them the steps you've found that recreate the condition. Their software has a DEFECT in it. If you called me (a developer) and gave me this type of information, I would have no case to deny that you have found a defect (because you have, and any engineer worthy of the title will know it).

JR
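
The "blindly read" data and "blind writes to memory" described in the post above, as an added C example that is not part of the original post and is not the Photoshop flaw itself. The chunk layout is modelled on a PNG chunk (length, type, data; the CRC is left out), and the function names, buffer size and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PALETTE_MAX 768 /* fixed destination: 256 RGB entries */

/* Read a 4-byte big-endian integer, as used for the chunk length field. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Blind version, shown for contrast only: it trusts the length stored in
   the file. A length above PALETTE_MAX writes past dst; a length above the
   real input size reads past in. */
void load_palette_blind(const uint8_t *in, uint8_t *dst) {
    memcpy(dst, in + 8, be32(in));
}

/* Checked version: returns the number of bytes copied, or -1 if rejected. */
long load_palette_checked(const uint8_t *in, size_t in_len, uint8_t *dst) {
    if (in_len < 8) return -1;                     /* header truncated */
    uint32_t len = be32(in);
    if (memcmp(in + 4, "PLTE", 4) != 0) return -1; /* unexpected chunk type */
    if (len > PALETTE_MAX) return -1;              /* would overrun dst */
    if (len > in_len - 8) return -1;               /* would over-read input */
    memcpy(dst, in + 8, len);
    return (long)len;
}

/* Constructed sample inputs: one valid chunk, one claiming 4096 bytes,
   one claiming 9 bytes while only 3 follow the header. */
static const uint8_t good_chunk[] = {0, 0, 0, 6, 'P', 'L', 'T', 'E', 1, 2, 3, 4, 5, 6};
static const uint8_t oversize_chunk[] = {0, 0, 0x10, 0, 'P', 'L', 'T', 'E', 1, 2, 3};
static const uint8_t truncated_chunk[] = {0, 0, 0, 9, 'P', 'L', 'T', 'E', 1, 2, 3};

int main(void) {
    uint8_t pal[PALETTE_MAX];
    printf("good:      %ld\n", load_palette_checked(good_chunk, sizeof good_chunk, pal));
    printf("oversize:  %ld\n", load_palette_checked(oversize_chunk, sizeof oversize_chunk, pal));
    printf("truncated: %ld\n", load_palette_checked(truncated_chunk, sizeof truncated_chunk, pal));
    return 0;
}
```

The checked function refuses the malformed chunks before any copy happens, so the defect never reaches the point where DEP would have to stop it.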
Contents copyright 2004–2014 Desktop Publishing Forum and its members.