Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2011.0828 Security update available for Adobe Photoshop CS5 10 August 2011 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Adobe Photoshop CS5 Publisher: Adobe Operating System: Windows Mac OS X Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2011-2131 Original Bulletin: http://www.adobe.com/support/security/bulletins/apsb11-22.html - --------------------------BEGIN INCLUDED TEXT-------------------- Security update available for Adobe Photoshop CS5 Release date: August 9, 2011 Vulnerability identifier: APSB11-22 CVE number: CVE-2011-2131 Platform: Macintosh and Windows Summary A critical vulnerability has been identified in Photoshop CS5 and CS5.1 (12.0 and 12.1) and earlier for Windows and Macintosh that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. To successfully exploit this vulnerability, an attacker would have to convince a user to open a malicious .GIF file in Photoshop CS5. Adobe recommends Photoshop CS5 customers update their Adobe Photoshop CS5 installations using the instructions provided below. Affected software versions Adobe Photoshop CS5 and CS5.1 and earlier versions for Windows and Macintosh Solution Adobe recommends Adobe Photoshop CS5 and CS5.1 users apply the update(s) referenced below: * Photoshop CS5/CS5.1 Standard Multiplugin Update for Windows * Photoshop CS5/CS5.1 Standard Multiplugin Update for Windows (Win64) * Photoshop CS5/CS5.1 Standard Multiplugin Update for Macintosh Severity rating Adobe categorizes this as a critical update and recommends that users apply the latest update for their product installation. Details A critical vulnerability has been identified in Photoshop CS5 and CS5.1 for Windows and Macintosh that could allow an attacker who successfully exploits this vulnerability (CVE-2011-2131) to take control of the affected system. A malicious .GIF file must be opened in Photoshop CS5 by the user for an attacker to be able to exploit this vulnerability. Adobe recommends Photoshop CS5 customers update their Adobe Photoshop CS5 installations using the instructions provided above. This update resolves a memory corruption issue that could lead to code execution (CVE-2011-2131). Acknowledgments Adobe would like to thank Francis Provencher for Protek Research Lab's for reporting the relevant issue (CVE-2011-2131) and for working with Adobe to help protect our customers. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBTkH+N+4yVqjM2NGpAQKk5g/+MJdaVX5Kady9QD+aEZxUUL3t9OV80lp+ u2y03Sr46NXTf4BAcfKLCDJr4P4+DrMWHFp1EYqf7+/D9Ma4MjR6gq/vnHcEXjR5 FHfvxsZsVuj5/6KQ5qw3gKkxypuxifPX26QzcflHeEdy/ofwRaMcE8sia+Bs+OF/ np7tGo6q/D4LJiTaOGPOOxnjCzrdPM7cmaRQQTLxIxMfj9vNNtJrUlc51KQeVIST 1u1VJwgLDvo3nIbwc981pzLSEl/zt+eNPoUmc63WOXrf4DqswUr1gsTYKQqEfGZ4 pO0dnMlhhJ5PESk6NONAjgYpCgpsH7vLpPxGoqN3jHTaXNfjcmPGMpKh4BmJB4q2 iKrUenlzbKbV87dF1v/hcHTaAB/xc3uE5l/NWnhEK3J5zwau5Wx9CpJQVNb5YAeY 4cLvRQTOt5kQPLaX+H0Fmc+2Vre36a0h4FA53txvSSJBC7/Z422+Z2VqoeuE4Lgl AS0vC13fTnds2PDxf0l887vjo+vUmxTki0c4zDa2DcrHwDsseR81RDDhJ20P79Uj WG4tGmfzTiN6Ulbfs/GuLvNLz81BR0wchTiFKtvQTF+k6m4cc4fAV1TSsePR1iQk Q2K3t/v20yEN5o4T0Yg+uQN5Z66sS72kX2Y5lkKEhDw9kMFo0eX9DziLHlJlEd14 7AXkJeRq02w= =pOmB -----END PGP SIGNATURE-----