QwikSec

Security Database

CVE

CWE

Training

CVE-2009-3489

Published: Sep 30, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

20090929 Adobe Photoshop Elements 8.0 Active File Monitor Service Bad Security Descriptor Local Elevation Of Privileges

mailing-list

x_refsource_BUGTRAQ

http://blogs.adobe.com/psirt/2009/09/potential_photoshop_elements_8.html

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

http://retrogod.altervista.org/9sg_adobe_pe_local.html

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.