Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Java JRE and Photoshop CS5

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Adobe Systems
And, this specific program:
Adobe Photoshop CS5 12.x

This thread has been marked as locked.
speedy1971 Java JRE and Photoshop CS5
Member 29th Jul, 2010 07:06
Ranking: 0
Posts: 2
User Since: 29th Jul, 2010
System Score: N/A
Location: US
Seems Adobe installs an insecure version of the Java JRE as part of Photoshop CS5. Has anyone tried removing it under these circumstances?

It installs it into \Program Data\Adobe\CS5\jre (aliased to \Users\All Users\Adobe\CS5\jre so it shows up twice.

(WHY???)

It also updates Adobe AIR to 2.0 but leaves some 1.5 DLLs behind in
\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\ which PSI flags as EOL. Same question there... can that be safely taken out?

Thanks in advance
SS

thedillpickl RE: Java JRE and Photoshop CS5
Contributor 29th Jul, 2010 07:44
Score: 376
Posts: 872
User Since: 3rd May 2009
System Score: 100%
Location: US
Hi speedy1971;

Welcome to the Secunia forum.

Look at this thread regarding CS5 & Java: http://secunia.com/community/forum/thread/show/486...

As to why twice, it is possibly because you've installed it for you (a user) and globally (all users), this is just a guess by the file paths shown. I am unfamiliar with CS5 install procedure.

Adobe Air situation is different. The simplest way might be to just delete using Add/Remove tool in Control Panel, then install fresh. (That's assuming Add/Remove gets it all.)


Regards;

Fred

--
XP Home
Chrome, Firefox, IE8
--
consilio et animis
Was this reply relevant?
+2
-0
speedy1971 RE: Java JRE and Photoshop CS5
Member 30th Jul, 2010 05:33
Score: 0
Posts: 2
User Since: 29th Jul 2010
System Score: N/A
Location: US
Thank you, sir. Yeah so I guess Adobe would make the same justification that Logitech did with older versions of their Harmony Remote software: it really isn't an issue because the java vm won't be running in a browser.

I don't buy that, but of course the real story is they don't want to swat bugs in their code that arise from subtle changes to Java.

I presume the jvm is there for CS Live.

SS
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability