Adobe fixes vulnerability in Photoshop Elements
Adobe has released a workaround to fix a vulnerability in version 7.0 and 8.0 of its Photoshop Elements products. According to a security bulletin from Adobe, the vulnerability could allow a user with valid login credentials, or physical access, to execute arbitrary commands with elevated privileges. Using this method, an attacker could gain complete control over a victims system.
The cause of the problem has to do with the Adobe Active File Monitor V8 service, which is installed with Photoshop Elements, and an insecure security descriptor. Adobe advises users to login as an Administrator and follow the steps detailed in the link below to reset the service. The vulnerability has been known since September of this year, however, the company states that it is not aware of any exploits for the issue being used in the wild.
- Workaround available for potential Photoshop Elements privilege escalation issue, advisory from Adobe.
- Vulnerability Summary for CVE-2009-3489, advisory from US-CERT.