The flaws affect the way Photoshop processes certain types of images, and can be exploited when a user opens a specially crafted .png, .bmp, .dib or .rle bitmap image file.
Both vulnerabilities affect Photoshop CS2 and CS3. The .png vulnerability also affects Photoshop Elements 5.x.
When exploited, both vulnerabilities could allow an attacker to remotely execute code on a user's system. No active attacks targeting the vulnerabilities have been reported.
Discovery of both flaws is credited to a security researcher by the name of 'Marsu' on the milw0rm.com vulnerability disclosure site.
Security company Secunia rated both vulnerabilities as 'highly critical', the company's second-highest alert level. Secunia advises users not to open untrusted .png, .bmp, .dib and .rle files.
A spokesperson for Adobe said that the company is currently investigating the reports and declined any further comment.
http://uk.news.yahoo...op-6315470.html