===========================================================================
AUSCERT Security Bulletin

ASB-2012.0122
Adobe Photoshop CS6 Multiple Vulnerabilities
5 September 2012

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Adobe Photoshop CS6
Operating System:     Windows
                      Mac OS X
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-4170 CVE-2012-0275
Member content until: Friday, October 5 2012

OVERVIEW

Adobe has released an update for Adobe Photoshop CS6 fixing multiple vulnerabilities which could result in code execution.

IMPACT

Adobe has provided the following details on the vulnerabilities:

"Adobe has released a security update for Adobe Photoshop CS6 (13.0) for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.

Note that Adobe Photoshop CS5.1 (12.1.1) and Adobe Photoshop CS5 (12.0.5) and earlier versions for Windows and Macintosh are not affected by these vulnerabilities. No update is required for users of Adobe Photoshop CS5.1 (12.1.1) and Adobe Photoshop CS5 (12.0.5) and earlier versions for Windows and Macintosh.

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-4170).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-0275)." [1]

MITIGATION

The vendor recommends updating to Adobe Photoshop CS6 (13.0.1), as described on their website. [2]

REFERENCES

[1] Security update available for Adobe Photoshop CS6
    http://www.adobe.com/support/security/bulletins/apsb12-20.html

[2] Photoshop CS6 13.0.1 Update Now Available
    http://blogs.adobe.com/photoshopdotcom/2012/08/photoshop-cs6-13-0-1-update-now-available.html

AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only.