Headline
CVE-2021-28597: Adobe Security Bulletin
Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction.
Security updates available for Adobe Photoshop Elements | APSB21-46
Bulletin ID
Date Published
Priority
ASPB21-46
June 08, 2021
3
Summary
Adobe has released updates for Photoshop Elements for Windows and macOS. These updates resolve an important vulnerability. Successful exploitation could lead to privilege escalation in the context of the current user.
Affected Versions
Product
Version
Platform
Photoshop Elements (installer)
5.2 and earlier versions
Windows and macOS
Solution
Adobe categorizes these updates with the following priority ratings and recommends users to download the new installer and upgrade their installations.
Product
Version
Platform
Priority
Availability
Photoshop Elements (installer)
5.3
Windows and macOS
3
Download Center
To Verify the version of the installer on your system, please follow the following steps:
For Windows machines: Please check the version of the Setup.exe at C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox
For mac machines: Please check the version of the setup at /Library/Application Support/Adobe/Adobe Desktop Common/HDBox
Please Note: Installer downloaded from Download Center will automatically fetch the files containing the fix.
Vulnerability details
Vulnerability Category
Vulnerability Impact
Severity
CVSS base score
CVSS vector
CVE Numbers
Creation of Temporary File in Directory with Incorrect Permissions
(CWE-379)
Privilege escalation
Important
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2021-28597
Acknowledgments
Adobe would like to thank CQY of Topsec Alpha Team (yjdfy) for reporting these issues and for working with Adobe to help protect our customers.
Revisions
June 28, 2021: Included a note containing the steps to verify the installer version.
For more information, visit https://helpx.adobe.com/security.html, or email [email protected].