Adobe released Security Bulletin APSB09-17 for Photoshop Elements
Workaround available for potential Photoshop Elements privilege escalation issue
Release date: November 10, 2009
Vulnerability identifier: APSB09-17
CVE number: CVE-2009-3489
Platform: Windows
Summary
A moderate vulnerability has been identified in Adobe Photoshop Elements versions 8.0 and 7.0. The vulnerability could allow a user with valid login credentials and/or physical access, who successfully exploits the vulnerability, to execute arbitrary commands with elevated privileges. Adobe is not aware of any exploits in the wild for the issue. It is recommended that users update their installations using the instructions provided below.
Affected software versions: Photoshop Elements 8.0, Photoshop Elements 7.0
Solution
Adobe recommends Photoshop Elements (PSE) users login as an Administrator to the machine on which the application has been installed and follow the steps below to mitigate this potential issue:
Go to the Start Menu.
Click run.
Type in "cmd".
Hit Enter / click OK.
For PSE7
Copy and paste the following command: sc sdset AdobeActiveFileMonitor7.0 D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)
For PSE8
Copy and paste the following command: sc sdset AdobeActiveFileMonitor8.0 D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)
Hit Enter.
You should get a response stating "[SC] SetServiceObjectSecurity SUCCESS".
NOTE: This command should be run after PSE has been launched at least once. The initial launch of PSE sets the service to automatic. If this command is run before the initial launch, PSE may fail to set the service to run automatically. Changing the service to automatic will require an administrative account after running the command.
http://www.adobe.com/support/security/bulletins/apsb09-17.html
http://blogs.adobe.com/psirt/2009/11/security_bulletin_-_adobe_phot.html