"Adobe saying that Photoshop is not a target is like putting out a welcome mat," Storms said. "I'm sure they used to think that PDF wasn't a target, either."

Storms also blasted Adobe for abandoning its users.

"If the prior product was five years old, then I could understand it from a lifecycle perspective," he said. "But Photoshop CS5 is just over two years old."

Adobe launched CS5 in mid-April 2010, and CS5.5 in April 2011.

The vulnerabilities in Photoshop could be exploited with malicious .tif image files, Adobe said. It did not describe the possible attack vectors against Illustrator or Flash Professional.