In its advisory, Adobe acknowledges Secunia researchers for discovering and reporting the problems. According to Secunia vulnerabilities CVE-2012-0275 and CVE-2012-4170 can be exploited remotely to execute arbitrary code and take control of the affected system. The problem is down to a boundary error when processing a PNG image that can be exploited to cause a heap-based buffer overflow. It does, however, require engineering the user into opening a malicious image.
The update is given an Adobe priority 3 rating. This implies that although the vulnerabilities are critical, Photoshop itself is not a traditional target for attackers. Administrators are therefore advised to “install the update at their discretion.”
The problem does not affect Photoshop CS5.1, CS5 nor earlier versions of the software. These earlier versions do not need to be updated.