CVE-2009-3489

7.8HIGH

Key Information:

Vendor
Adobe
Status
Photoshop Elements
Vendor
CVE Published:
30 September 2009

Summary

Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.

References

http://www.securityfocus.com/bid/36542
vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2009/2798
vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/archive/1/506806/100/0/threaded
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.