-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0828
             Security update available for Adobe Photoshop CS5
                              10 August 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Adobe Photoshop CS5
Publisher:         Adobe
Operating System:  Windows
                   Mac OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-2131  

Original Bulletin: 
   http://www.adobe.com/support/security/bulletins/apsb11-22.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Security update available for Adobe Photoshop CS5

   Release date: August 9, 2011

   Vulnerability identifier: APSB11-22

   CVE number: CVE-2011-2131

   Platform: Macintosh and Windows

Summary

   A critical vulnerability has been identified in Photoshop CS5 and
   CS5.1 (12.0 and 12.1) and earlier for Windows and Macintosh that could
   allow an attacker who successfully exploits this vulnerability to take
   control of the affected system. To successfully exploit this
   vulnerability, an attacker would have to convince a user to open a
   malicious .GIF file in Photoshop CS5. Adobe recommends Photoshop CS5
   customers update their Adobe Photoshop CS5 installations using the
   instructions provided below.

Affected software versions

   Adobe Photoshop CS5 and CS5.1 and earlier versions for Windows and
   Macintosh

Solution

   Adobe recommends Adobe Photoshop CS5 and CS5.1 users apply the
   update(s) referenced below:
     * Photoshop CS5/CS5.1 Standard Multiplugin Update for Windows
     * Photoshop CS5/CS5.1 Standard Multiplugin Update for Windows
       (Win64)
     * Photoshop CS5/CS5.1 Standard Multiplugin Update for Macintosh

Severity rating

   Adobe categorizes this as a critical update and recommends that
   users apply the latest update for their product installation.

Details

   A critical vulnerability has been identified in Photoshop CS5 and
   CS5.1 for Windows and Macintosh that could allow an attacker who
   successfully exploits this vulnerability (CVE-2011-2131) to take
   control of the affected system. A malicious .GIF file must be opened in
   Photoshop CS5 by the user for an attacker to be able to exploit this
   vulnerability. Adobe recommends Photoshop CS5 customers update their
   Adobe Photoshop CS5 installations using the instructions provided
   above.

   This update resolves a memory corruption issue that could lead to code
   execution (CVE-2011-2131).

Acknowledgments

   Adobe would like to thank Francis Provencher for Protek Research
   Lab's for reporting the relevant issue (CVE-2011-2131) and for working
   with Adobe to help protect our customers.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBTkH+N+4yVqjM2NGpAQKk5g/+MJdaVX5Kady9QD+aEZxUUL3t9OV80lp+
u2y03Sr46NXTf4BAcfKLCDJr4P4+DrMWHFp1EYqf7+/D9Ma4MjR6gq/vnHcEXjR5
FHfvxsZsVuj5/6KQ5qw3gKkxypuxifPX26QzcflHeEdy/ofwRaMcE8sia+Bs+OF/
np7tGo6q/D4LJiTaOGPOOxnjCzrdPM7cmaRQQTLxIxMfj9vNNtJrUlc51KQeVIST
1u1VJwgLDvo3nIbwc981pzLSEl/zt+eNPoUmc63WOXrf4DqswUr1gsTYKQqEfGZ4
pO0dnMlhhJ5PESk6NONAjgYpCgpsH7vLpPxGoqN3jHTaXNfjcmPGMpKh4BmJB4q2
iKrUenlzbKbV87dF1v/hcHTaAB/xc3uE5l/NWnhEK3J5zwau5Wx9CpJQVNb5YAeY
4cLvRQTOt5kQPLaX+H0Fmc+2Vre36a0h4FA53txvSSJBC7/Z422+Z2VqoeuE4Lgl
AS0vC13fTnds2PDxf0l887vjo+vUmxTki0c4zDa2DcrHwDsseR81RDDhJ20P79Uj
WG4tGmfzTiN6Ulbfs/GuLvNLz81BR0wchTiFKtvQTF+k6m4cc4fAV1TSsePR1iQk
Q2K3t/v20yEN5o4T0Yg+uQN5Z66sS72kX2Y5lkKEhDw9kMFo0eX9DziLHlJlEd14
7AXkJeRq02w=
=pOmB
-----END PGP SIGNATURE-----