7.8

CVE-2009-3489

Exploit
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobePhotoshop Elements Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.95% 0.776
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://blogs.adobe.com/psirt/2009/09/potential_photoshop_elements_8.html
Broken Link
http://retrogod.altervista.org/9sg_adobe_pe_local.html
Exploit
Broken Link
http://secunia.com/advisories/36895
Broken Link
http://www.securityfocus.com/archive/1/506806/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/36542
Third Party Advisory
Exploit
Broken Link
VDB Entry
http://www.securitytracker.com/id?1022963
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2009/2798
Permissions Required