Local Elevation of Privileges in Adobe Photoshop Elements by Adobe Systems
CVE-2009-3489

7.8HIGH

Key Information:

Vendor
Adobe
Status
Photoshop Elements
Vendor
CVE Published:
30 September 2009

Summary

Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor. This vulnerability allows local users to manipulate the service in several ways: they can stop it using the stop command, execute arbitrary commands with SYSTEM privileges by modifying the binPath variable via the config command, or restart it using the start command. This improper configuration raises significant security concerns, as it enables unauthorized users to gain elevated privileges on the system.

References

http://www.securityfocus.com/bid/36542
vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2009/2798
vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/archive/1/506806/100/0/threaded
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.