Adobe Photoshop Elements Active File Monitor Service Privilege Escalation (APSB09-17)

This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.


Synopsis :

An improperly configured Windows service has a privilege escalation
vulnerability.

Description :

The Adobe Active File Monitor service, installed with Adobe Photoshop
Elements, is installed on the remote host. This service is configured
improperly by default, allowing unprivileged users to modify its
properties. An unprivileged, local attacker could exploit this to
execute arbitrary commands as SYSTEM.

See also :

http://seclists.org/bugtraq/2009/Sep/237
http://www.adobe.com/support/security/bulletins/apsb09-17.html

Solution :

Apply the workaround referenced in the vendor's advisory.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.5
(CVSS2#E:F/RL:W/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 42861 ()

Bugtraq ID: 36542

CVE ID: CVE-2009-3489

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now