Adobe Photoshop CS - vulnerability or feature?
Adobe Photoshop CS - vulnerability or feature?
- Subject: Adobe Photoshop CS - vulnerability or feature?
- From: Martin Orpen <email@hidden>
- Date: Thu, 21 Oct 2004 12:46:08 +0100
[A variant of a message that I've posted to uk.comp.sys.mac]
I've just spotted something in Adobe Photoshop CS that I'm not happy with.
The Help menu can be used to launch applications using the "file:" url
scheme.
I was pleased that CS came with a new "File=>Scripts" menu option - but
didn't expect to find this alternative method:
1. Create a simple AppleScript:
display dialog "Oh dear, this app was launched from a URL"
2. Save it as an application here:
/Applications/Adobe Photoshop CS/Help/Additional How To Content/test.app
3. Open the file "Add_001.howto" which is in the same folder as your new
"test.app" in any text editor. Or use any method you want to add the
following line of text:
"How to launch malware" "Security Risk?"
file:///Applications/Adobe Photoshop CS/Help/Additional How To Con
tent/test.app
4. Launch Adobe Photoshop CS and select your new menu option "How to launch
malware => Security Risk?" from the "Help" menu.
Adobe's documentation boasts that you can also point to external links if
you want :-(
I'm going to do a bit more work on this - but it looks like vulnerability
that needs fixing.
Comments anybody?
--
Martin Orpen
Idea Digital Imaging Ltd -- The Image Specialists
http://www.idea-digital.com
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Applescript-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden