Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3489

CWE-732Incorrect Permission Assignment5 documents4 sources
Severity
7.8HIGH
EPSS
0.2%
top 54.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Photoshop Elements
Timeline
PublishedSep 30
Latest updateMay 2

Description

Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8vrj-v84v-pmgx: Adobe Photoshop Elements 82022-05-02
CVEList
CVE-2009-3489: Adobe Photoshop Elements 82009-09-30

💥Exploits & PoCs

2
Exploit-DB
Adobe Photoshop Elements - Active File Monitor Service Privilege Escalation2009-10-29
Exploit-DB
Adobe Photoshop Elements 8.0 - Active File Monitor Privilege Escalation2009-09-29
CVE-2009-3489 (HIGH CVSS 7.8) | Adobe Photoshop Elements 8.0 instal | cvebase.io