Title: Adobe PhotoDeluxe Java Execution Vulnerability
Severity: HIGH
Description:
Adobe PhotoDeluxe is image editing/photo album software that ships with a number of imaging devices. It runs on Microsoft Windows 9x/ME/NT/2000/XP operating systems.
Adobe PhotoDeluxe installs sensitive Java code in a public location. The Java classes may be executed by a malicious website or via HTML e-mail.
One of Adobe PhotoDeluxe's features is to allow users to download extra design elements from the Adobe website. The functionality is called "Connectables" and is accomplished via the installation of Java code on the user's system.
This problem is due to the fact that the when the Java code is installed on the user's system by Adobe PhotoDeluxe, the location of the code is added to the CLASSPATH environment variable. This means that any applets that use the code have privileged access to the user's system.
Since the Connectables Java code is installed in an insecure manner, this security problem may be exploited malicious webpages or HTML e-mail viewed through the Internet Explorer web browser.
This may grant unauthorized access to sensitive information on an affected user's system. This problem, in some cases, may also result in the execution of arbitrary code.
Versions of Adobe PhotoDeluxe also exist for MacOS, though it is not known whether they are affected by this issue.
Affected Products:
- Adobe PhotoDeluxe 3.0.0
- Adobe PhotoDeluxe 3.1.0
- Adobe PhotoDeluxe 4.0.0
References:
- CERT/CC: Vulnerability Note VU#116875
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
