CVE-2009-3489
HIGHAdobe Photoshop Elements - Incorrect Permission Assignment
Title source: ruleDescription
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by bellick · textlocalwindows
https://www.exploit-db.com/exploits/9988
exploitdb
WORKING POC
VERIFIED
by pyrokinesis · textlocalwindows
https://www.exploit-db.com/exploits/9807
References (7)
Core 7
Core References
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36542
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2798
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/506806/100/0/threaded
Broken Link x_refsource_misc
http://blogs.adobe.com/psirt/2009/09/potential_photoshop_elements_8.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022963
Broken Link, Exploit x_refsource_misc
http://retrogod.altervista.org/9sg_adobe_pe_local.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36895
Scores
CVSS v3
7.8
EPSS
0.0023
EPSS Percentile
45.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
adobe/photoshop_elements
8.0
Published
Sep 30, 2009
Tracked Since
Feb 18, 2026