Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
References
Link | Resource |
---|---|
http://blogs.adobe.com/psirt/2009/09/potential_photoshop_elements_8.html | Broken Link |
http://retrogod.altervista.org/9sg_adobe_pe_local.html | Broken Link Exploit |
http://secunia.com/advisories/36895 | Broken Link |
http://www.securityfocus.com/archive/1/506806/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/36542 | Broken Link Exploit Third Party Advisory VDB Entry |
http://www.securitytracker.com/id?1022963 | Broken Link Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2009/2798 | Permissions Required |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-09-30T15:00:00
Updated: 2018-10-10T18:57:01
Reserved: 2009-09-30T00:00:00
Link: CVE-2009-3489
JSON object: View
NVD Information
Status : Analyzed
Published: 2009-09-30T15:30:00.593
Modified: 2024-02-08T15:21:27.093
Link: CVE-2009-3489
JSON object: View
Redhat Information
No data.
CWE