Lively discussions on the graphic arts and publishing — in print or on the web

07-21-2007, 07:32 PM   #8
curveto
Join Date: Feb 2005
Location: some room with white padded walls ... now surrounded by Saguaro Cacti
Posts: 352

Originally Posted by Andrew B.:
I never would have guessed that a PNG opened in Photoshop (and only Photoshop) can compromise a computer.
Any data that is blindly read (typically but not necessarily from an unverifiable source) can. ...and in any process or kernel extension (driver). Someone just found this particular instance.

Unfortunately, the rapid pace of development combined with use of languages/tools whose default behavior is to allow blind writes to memory (C, C++ and many others) leads sloppy development teams to create thousands upon thousands of vulnerabilities in essentially every application on your system (let alone the system itself). That said, given the current system landscape (Windows XP, OS X, Linux) a compromised application can generally only do what your user can do. If the user is prohibited from administrative activities (and the application has been installed to run with those credentials ... the Task Manager will tell you) the application will be too.

You can limit your exposure to buffer overruns on Windows running newer hardware by doing the following:

1) Right-click on My Computer;
2) Select Properties;
3) Select the Advanced tab;
4) In the Performance frame click the Settings button;
5) In Performance Options (window) select the Data Execution Prevention tab;
6) Enable DEP (some motherboards/systems don't support this feature, btw)


If you find that enabling DEP leads to any process (application) crash, you have encountered a buffer overrun. If you can repeat the condition and cause/stop it from occurring via enabling/disabling DEP, call the vendor and provide them the steps you've found that recreate the condition. Their software has a DEFECT in it. If you called me (a developer) and gave me this type of information I would have no case to deny that you have found a defect (because you have and any engineer worthy of the title will know it).

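Added example, not part of curveto's post or of any vendor's code: a C sketch of the "blind read" described above, using the PNG chunk layout (length, type, data, CRC), next to a reader that checks the declared length before copying. The function names and the sample chunks are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* PNG chunk layout: 4-byte big-endian length, 4-byte type, data, 4-byte CRC. */
#define CHUNK_HEADER 8u
#define CHUNK_CRC    4u

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Blind read: trusts the length field stored in the file. A declared
 * length larger than dst (or than the file itself) overruns memory. */
void copy_chunk_blind(const uint8_t *in, uint8_t *dst) {
    uint32_t len = be32(in);
    memcpy(dst, in + CHUNK_HEADER, len);
}

/* Checked read: returns bytes copied, or -1 if the chunk is truncated
 * or its declared length does not fit the input or the destination. */
long copy_chunk_checked(const uint8_t *in, size_t in_len,
                        uint8_t *dst, size_t dst_cap) {
    if (in_len < CHUNK_HEADER + CHUNK_CRC)
        return -1;
    uint32_t len = be32(in);
    /* Compare against what is left, so no addition can wrap around. */
    if (len > in_len - CHUNK_HEADER - CHUNK_CRC)
        return -1;
    if (len > dst_cap)
        return -1;
    memcpy(dst, in + CHUNK_HEADER, len);
    return (long)len;
}

/* Constructed sample chunks (type "tEXt", CRC bytes zeroed, not verified). */
static const uint8_t GOOD_CHUNK[] = {0,0,0,4, 't','E','X','t', 'a','b','c','d', 0,0,0,0};
static const uint8_t BAD_CHUNK[]  = {0,0,1,0, 't','E','X','t', 'a','b','c','d', 0,0,0,0};

int main(void) {
    uint8_t dst[8];
    long ok  = copy_chunk_checked(GOOD_CHUNK, sizeof GOOD_CHUNK, dst, sizeof dst);
    long bad = copy_chunk_checked(BAD_CHUNK, sizeof BAD_CHUNK, dst, sizeof dst);
    return (ok == 4 && bad == -1) ? 0 : 1;
}
```

The second sample declares 256 bytes of data but carries only 4; the checked reader rejects it, while the blind reader would copy past both buffers.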

Contents copyright 2004–2018 Desktop Publishing Forum and its members.