CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4CVE-2009-3489 – Adobe Photoshop Elements - Active File Monitor Service Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-3489
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command. Adobe Photoshop Elements v8.0 instala Adobe Active File Monitor V8 service con un descriptor de seguridad no seguro, que permite a usuarios locales (1) parar el servicio a través de comando stop, (2) ejecutar comandos de su elección como SYSTEM usando el comando config para modificar la variable binPaht, o (3) reiniciar el servicio a través del comando start. • https://www.exploit-db.com/exploits/9988 https://www.exploit-db.com/exploits/9807 http://blogs.adobe.com/psirt/2009/09/potential_photoshop_elements_8.html http://retrogod.altervista.org/9sg_adobe_pe_local.html http://secunia.com/advisories/36895 http://www.securityfocus.com/archive/1/506806/100/0/threaded http://www.securityfocus.com/bid/36542 http://www.securitytracker.com/id?1022963 http://www.vupen.com/english/advisories/2009/2798 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.3EPSS: 64%CPEs: 1EXPL: 2CVE-2008-1765 – Adobe Album Starter 3.2 - Unchecked Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1765
Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and possibly After Effects CS3, allows user-assisted remote attackers and physically proximate attackers to execute arbitrary code via a BMP file with an invalid image header. NOTE: the related issue in Photoshop CS3 is already covered by CVE-2007-2244. Desbordamiento de búfer en Adobe Photoshop Album Starter Edition 3.2, y posiblemente en After Effects CS3, permite a atacantes remotos con usuario asistido, y atacantes físicamente próximos ejecutar código arbitrario a través de un fichero BMP con una cabecera de imagen no válida. NOTE: El problema relacionado con Photoshop CS3 ya está tratado en CVE 2007-2244. • https://www.exploit-db.com/exploits/5479 http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0551.html http://secunia.com/advisories/29838 http://securitytracker.com/id?1019910 http://www.adobe.com/support/security/advisories/apsa08-04.html http://www.securityfocus.com/bid/28874 http://www.vupen.com/english/advisories/2008/1317 https://exchange.xforce.ibmcloud.com/vulnerabilities/41941 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 39%CPEs: 4EXPL: 1CVE-2007-2365 – Photoshop CS2/CS3 / Paint Shop Pro 11.20 - '.png' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-2365
Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. Un desbordamiento de búfer en Adobe Photoshop versiones CS2 y CS3, Photoshop Elements versión 5.0, Illustrator versión CS3 y GoLive versión 9, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un archivo .PNG especialmente diseñado. • https://www.exploit-db.com/exploits/3812 http://osvdb.org/35465 http://osvdb.org/38063 http://secunia.com/advisories/25044 http://secunia.com/advisories/26846 http://secunia.com/advisories/26864 http://securitytracker.com/id?1018792 http://www.adobe.com/support/security/bulletins/apsb07-13.html http://www.adobe.com/support/security/bulletins/apsb07-16.html http://www.adobe.com/support/security/bulletins/apsb07-17.html http://www.securityfocus.com/bid/23698 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 12%CPEs: 3EXPL: 2CVE-2007-2244 – Adobe Photoshop CS2 / CS3 - '.bmp' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-2244
Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file. Múltiples desbordamientos de búfer en Adobe Photoshop versiones CS2 y CS3, Illustrator versión CS3 y GoLive versión 9, permite a atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un archivo (1) BMP, (2) DIB o (3) RLE especialmente diseñados. • https://www.exploit-db.com/exploits/3793 http://osvdb.org/38064 http://osvdb.org/38065 http://osvdb.org/38066 http://secunia.com/advisories/25023 http://secunia.com/advisories/26846 http://secunia.com/advisories/26864 http://securitytracker.com/id?1018792 http://www.adobe.com/support/security/bulletins/apsb07-13.html http://www.adobe.com/support/security/bulletins/apsb07-16.html http://www.adobe.com/support/security/bulletins/apsb07-17.html http://www.osvdb.org&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 60EXPL: 0CVE-2006-0525
https://notcve.org/view.php?id=CVE-2006-0525
Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs. • http://secunia.com/advisories/18698 http://securitytracker.com/id?1015577 http://securitytracker.com/id?1015578 http://securitytracker.com/id?1015579 http://www.adobe.com/support/techdocs/332644.html http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf http://www.kb.cert.org/vuls/id/953860 http://www.osvdb.org/22908 http://www.securityfocus.com/archive/1/423587/100/0/threaded http://www.securityfocus.com/bid/16451 http://www.vupen.com/english/advisories/2006/ • CWE-264: Permissions, Privileges, and Access Controls •