CVE-2019-7989

Name of the Vulnerable Software and Affected Versions Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier

Description The issue is related to a command injection vulnerability in Adobe Photoshop. Successful exploitation could lead to arbitrary code execution. The vulnerability is also associated with insufficient UI warnings in the ExtendScript app, allowing a remote attacker to execute arbitrary code or disclose information.

Recommendations For Adobe Photoshop CC versions 19.1.8 and earlier, update to a version later than 19.1.8 to resolve the issue. For Adobe Photoshop CC version 20.0.5 and earlier, update to a version later than 20.0.5 to resolve the issue. As a temporary workaround, consider disabling the ExtendScript app until a patch is available. Restrict access to the JSX File ExtendScript functions, such as File.readln, Folder.execute, File.execute, File.read, File.rename, Folder.remove, Folder.rename, File.copy, File.writeln, File.remove, and File.write, to minimize the risk of exploitation. Avoid using the affected ExtendScript functions in the Adobe Photoshop JSX File until the issue is resolved.