High severity7.8NVD Advisory· Published Sep 30, 2009· Updated Apr 23, 2026

CVE-2009-3489

Description

Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.

Affected products

Adobe Inc./Photoshop Elements
cpe:2.3:a:adobe:photoshop_elements:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

retrogod.altervista.org/9sg_adobe_pe_local.htmlnvdBroken LinkExploit
www.securityfocus.com/bid/36542nvdBroken LinkExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/506806/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
blogs.adobe.com/psirt/2009/09/potential_photoshop_elements_8.htmlnvdBroken Link
secunia.com/advisories/36895nvdBroken Link
www.vupen.com/english/advisories/2009/2798nvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000