Vulnerability Note VU#116875
Adobe PhotoDeluxe does not adequately restrict Java execution
A vulnerability exists in Adobe PhotoDeluxe that allows a malicious web page or HTML email message viewed with Microsoft Internet Explorer to obtain directory listings or potentially download and execute arbitrary code on the local system.
Adobe PhotoDeluxe is an image manipulation application for the Windows platform. PhotoDeluxe is geared towards the home user market and is bundled with a number of image capture devices, such as scanners and digital cameras. Dr. Hiromitsu Takagi has reported that Java code installed by PhotoDeluxe is given privileged access to the local system and can be exploited by a malicious web page or HTML email message viewed through Internet Explorer. Dr. Takagi's analysis is available here:
According to the Sun Java Applet Security FAQ:
1. The applet is installed on the local hard disk, in a directory on the CLASSPATH used by the program that you are using to run the applet. Usually, this is a Java-enabled browser, but it could be the appletviewer, or other Java programs that know how to load applets.
Since the location of the PhotoDeluxe Java code is specified in the CLASSPATH environment variable, applets that call the code have privileged access to the local system. Through Microsoft Internet Explorer, applets using the PhotoDeluxe Java code can be scripted and used to obtain directory listings on the local system. A more serious risk exists if Internet Explorer is started from within PhotoDeluxe via a Link button. In this case, the PhotoDeluxe Java code can be leveraged to download a Java archive that can in turn be used to execute arbitrary code on the local system.
By enticing a user to view a malicious web page or HTML email message, an attacker may obtain directory listings or cause arbitrary code to be downloaded and executed with the privileges of the current user. If an attacker controls DNS information, they may be able to subvert the Connectables function without the user's knowledge.
Disable Active scripting and Java
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Adobe||Affected||25 Jan 2002||09 Feb 2002|
|Microsoft||Unknown||28 Jan 2002||29 Jan 2002|
CVSS Metrics (Learn More)
The CERT Coordination Center thanks Dr. Hiromitsu Takagi for reporting this issue.
This document was written by Art Manion.
- CVE IDs: Unknown
- Date Public: 18 Jul 2001
- Date First Published: 09 Feb 2002
- Date Last Updated: 09 Feb 2002
- Severity Metric: 2.88
- Document Revision: 51
If you have feedback, comments, or additional information about this vulnerability, please send us email.