Accessibility

Security bulletin

Security update available for Adobe Photoshop CS5

Release date: August 9, 2011

Vulnerability identifier: APSB11-22

CVE number: CVE-2011-2131

Platform: Macintosh and Windows

Summary

A critical vulnerability has been identified in Photoshop CS5 and CS5.1 (12.0 and 12.1) and earlier for Windows and Macintosh that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. To successfully exploit this vulnerability, an attacker would have to convince a user to open a malicious .GIF file in Photoshop CS5. Adobe recommends Photoshop CS5 customers update their Adobe Photoshop CS5 installations using the instructions provided below.

Affected software versions

Adobe Photoshop CS5 and CS5.1 and earlier versions for Windows and Macintosh

Solution

Adobe recommends Adobe Photoshop CS5 and CS5.1 users apply the update(s) referenced below:

Severity rating

Adobe categorizes this as a critical update and recommends that users apply the latest update for their product installation.

Details

A critical vulnerability has been identified in Photoshop CS5 and CS5.1 for Windows and Macintosh that could allow an attacker who successfully exploits this vulnerability (CVE-2011-2131) to take control of the affected system. A malicious .GIF file must be opened in Photoshop CS5 by the user for an attacker to be able to exploit this vulnerability. Adobe recommends Photoshop CS5 customers update their Adobe Photoshop CS5 installations using the instructions provided above.

This update resolves a memory corruption issue that could lead to code execution (CVE-2011-2131).

Acknowledgments

Adobe would like to thank Francis Provencher for Protek Research Lab's for reporting the relevant issue (CVE-2011-2131) and for working with Adobe to help protect our customers.