Vulnerability Details : CVE-2009-3489
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
Exploit prediction scoring system (EPSS) score for CVE-2009-3489
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 23 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-3489
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2009-3489
-
Assigned by: nvd@nist.gov (Primary)
-
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-3489
-
http://www.vupen.com/english/advisories/2009/2798
Webmail: access your OVH emails on ovhcloud.com | OVHcloudPermissions Required
-
http://www.securitytracker.com/id?1022963
GoDaddy Domain Name SearchBroken Link;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/36542
Broken Link;Exploit;Third Party Advisory;VDB Entry
-
http://blogs.adobe.com/psirt/2009/09/potential_photoshop_elements_8.html
Fastly error: unknown domain blogs.adobe.comBroken Link
-
http://www.securityfocus.com/archive/1/506806/100/0/threaded
Broken Link;Third Party Advisory;VDB Entry
-
http://secunia.com/advisories/36895
About Secunia Research | FlexeraBroken Link
-
http://retrogod.altervista.org/9sg_adobe_pe_local.html
Error 404 :(Broken Link;Exploit
Products affected by CVE-2009-3489
- cpe:2.3:a:adobe:photoshop_elements:8.0:*:*:*:*:*:*:*