=====================================================================
                            CERT-Renater

                 Information Note No. 2010/VULN178
_____________________________________________________________________

DATE                 : 27/05/2010

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows, Mac OS X running Adobe Photoshop CS4
                       versions prior to 11.0.2.

======================================================================
http://www.adobe.com/support/security/bulletins/apsb10-13.html
______________________________________________________________________

Security update available for Adobe Photoshop CS4

Release date: May 26, 2010

Vulnerability identifier: APSB10-13

CVE number: CVE-2010-1296

Platform: All Platforms

Summary

Critical vulnerabilities have been identified in Photoshop CS4 11.0.1
and earlier for Windows and Macintosh that could allow an attacker who
successfully exploits these vulnerabilities to take control of the
affected system. A malicious .ASL, .ABR, or .GRD file must be opened in
Photoshop CS4 by the user for an attacker to be able to exploit these
vulnerabilities. Adobe recommends Photoshop CS4 customers update to
Photoshop CS4 11.0.2, which resolves these issues.

Note: None of these issues affect Photoshop CS5.

Affected software versions

Adobe Photoshop CS4 version 11.0.1 and earlier for Windows and Macintosh

Solution

Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.2
using the instructions below.

To verify the version of Adobe Photoshop CS4 currently installed, choose
Help > About Adobe Photoshop CS4 from the Adobe Photoshop menu bar.

To check for updates, choose Help > Updates from the Adobe Photoshop
menu bar.

Photoshop CS4 customers can also find the Photoshop CS4 11.0.2 update
for Windows or Macintosh here:

  * Adobe Photoshop CS4 11.0.2 update for Windows
  * Adobe Photoshop CS4 11.0.2 update for Macintosh

Note: These issues do not affect Photoshop CS5.

Severity rating

Adobe categorizes these vulnerabilities as critical issues and
encourages all customers to update their installations.

Details

Critical vulnerabilities have been identified in Photoshop CS4 11.0.1
and earlier for Windows and Macintosh that could allow an attacker who
successfully exploits these vulnerabilities to take control of the
affected system. A malicious .ASL, .ABR, or .GRD file must be opened in
Photoshop CS4 by the user for an attacker to be able to exploit these
vulnerabilities. Adobe recommends Photoshop CS4 customers update to
Photoshop CS4 11.0.2, which resolves these issues.

Adobe also encourages all customers to follow security best practices by
exercising caution before opening any unknown file or files from unknown
sources, regardless of the application used to open the file.

Note: These issues do not affect Photoshop CS5.

Acknowledgments

Adobe would like to thank Gjoko Krstic of Zero Science Lab
(CVE-2010-1296) for reporting these issues and for working with Adobe to
help protect our customers.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44           +
+ 151 bd de l'Hopital | fax  : 01-53-94-20-41           +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================