Magento recently identified potential exploits that:

- Enable an attacker to execute arbitrary code on your Magento server.
- Create files with a .csv extension, create writable directories, and change the permission of existing files to world-writable (777).

The following table shows the patch you should get for your version of CE or EE:

VERSION | PATCH |
---|---|
EE 1.13 and 1.14, CE 1.8 and 1.9 | SUPEE-1533_EE_1.13.x_v1.patch |
EE 1.12, CE 1.7 | SUPEE-1533_EE_1.12.x_v1.patch |
EE 1.11, CE 1.6 | SUPEE-1533_EE_1.11.x_v1.patch |
EE 1.10.1, CE 1.5.1 | SUPEE-1533_EE_1.10.1.x_v1.patch |
EE 1.10.0.1, CE 1.5.0.1 | SUPEE-1533_EE_1.10.0.x_v1.patch |
EE 1.9 | SUPEE-1533_EE_1.9.x_v1.patch |

Here is some information about installing the patch, from the official Magento website:

- How to apply a patch on Magento Community Edition?
- How to apply a patch on Magento Enterprise Edition?

And, to finish, the official post about the exploit and the way to patch it:

Resolving a Remote Code Execution Exploit