Adobe Photoshop Installation Privilege Escalation Vulnerability
2026-4-21 23:59:24 Author: talosintelligence.com

SUMMARY

A privilege escalation vulnerability exists during the installation of Adobe Photoshop via the Microsoft Store. The vulnerable version of the installer is Photoshop_Set-Up.exe 2.11.0.30. A low-privilege user can replace files during the installation process, which may result in unintended elevation of privileges.

CONFIRMED VULNERABLE VERSIONS

The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.

Adobe Photoshop Photoshop_Set-Up.exe version 2.11.0.30

PRODUCT URLS

Photoshop - https://www.adobe.com/products/photoshop.html

CVSSv3 SCORE

8.2 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-284 - Improper Access Control

DETAILS

Adobe Photoshop is powerful software for image creation, photo editing, and graphic design. It provides advanced tools for photo retouching, compositing, digital painting, and creating stunning visual effects. It is one of the most widely used tools for professional digital art.

Adobe Photoshop is vulnerable to a privilege escalation issue when installed via the Microsoft Store application. When a user attempts to install Adobe Photoshop, the following events occur in the background:

  • WindowsPackageManagerServer.exe downloads and runs Photoshop_Set-Up.exe.
  • Photoshop_Set-Up.exe calls ShellExecute with the runas verb to launch a second instance of Photoshop_Set-Up.exe with elevated privileges.
  • Once permission is granted, the new Photoshop_Set-Up.exe process runs with High Integrity privileges.
  • This elevated process downloads zip files to a temporary folder, then extracts and saves them to the program folder.
  • After copying files to the program folder, it runs additional executables such as Adobe installer.exe and AdobeServiceInstaller.exe with High Integrity privileges to configure the application.

Note that the location where the ZIP files are saved is user-writable. To exploit this vulnerability, an attacker could replace a ZIP file with an attacker-controlled version. When the installation process extracts and saves the files, the attacker-controlled files are written to the program folder with High Integrity privileges.

In this case, it is possible to escalate privileges from High Integrity to System by replacing Adobe installer.exe with an attacker-controlled executable that can register and run a malicious service, which runs with System privileges.
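An added example, not code from the advisory or from Adobe: one general way an elevated installer can make a replaced archive in a user-writable staging folder harmless is to read the staged file once, check it against a digest from a trusted source, and extract from those same bytes. The function names, file names and the signed manifest that would supply the digest are assumptions, and the sample archives are constructed.

```python
import hashlib, io, os, tempfile, zipfile
from pathlib import Path

def make_zip(files):
    """Build a ZIP in memory from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()

def extract_verified(archive_path, expected_sha256, dest_dir):
    """Read the staged archive once, verify it, extract from the same bytes."""
    with open(archive_path, "rb") as fh:
        blob = fh.read()  # single read: the file is never re-opened after the check
    if hashlib.sha256(blob).hexdigest() != expected_sha256:
        raise ValueError("staged archive does not match trusted digest")
    dest_root = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest_root, info.filename))
            if os.path.commonpath([dest_root, target]) != dest_root:
                raise ValueError("archive entry escapes destination: " + info.filename)
            if info.is_dir():
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(zf.read(info))
            written.append(info.filename)
    return written

def demo():
    """Stage a package, replace it on disk, and attempt a second install."""
    vendor = make_zip({"setup/helper.exe": b"vendor build"})
    trusted = hashlib.sha256(vendor).hexdigest()  # assumed: taken from a signed manifest
    with tempfile.TemporaryDirectory() as work:
        staged = os.path.join(work, "package.zip")  # stands in for the user-writable temp folder
        dest = os.path.join(work, "program")        # stands in for the program folder
        Path(staged).write_bytes(vendor)
        ok = extract_verified(staged, trusted, dest)
        Path(staged).write_bytes(make_zip({"setup/helper.exe": b"replaced"}))
        try:
            extract_verified(staged, trusted, dest)
            blocked = False
        except ValueError:
            blocked = True
        return ok, blocked, Path(dest, "setup", "helper.exe").read_bytes()
```

Staging downloads in a directory that only administrators can write removes the replacement window entirely; the digest check covers the case where that is not possible.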

TIMELINE

2025-09-23 - Vendor Disclosure
2026-01-20 - Vendor Patch Release
2026-04-22 - Public Release

Discovered by KPC of Cisco Talos.


Source: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2274