Skip to main content
R
robertr61249773
Participant
April 1, 2017
Question

img.exploit.CVE_2017 in fresh install (from DVD) of Photoshop Elements 15

  • April 1, 2017
  • 3 replies
  • 1209 views

I ran a ClamXAV (MacOS 10.11.6) and found that the "Adobe Photoshop Elements Editor.app" had an infection:  Img.exploit_CVE_2017_2804-6162475-0", which was quarantined.  Needless to say, once that file was quarantined, the program didn't run.  I deleted it, emptied the trash, and reinstalled from the DVD (boxed, purchased from Staples).  Ran ClamXAV again (applications folder) and got the same message.  I also ran the update function and the program was updated.  Everything seems fine and normal.

A scan using Sophos AV did NOT find any problems.

A google search of the img.exploit.CVE leads to all sorts of information that I don't understand.

So my question:  is this something to be concerned about?  I can't run Elements 15 if I quarantine the "suspect" file, and at the same time I don't want to destroy my computer (and / or pass along a virus / malware / etc).

What to do????

Thank you!

This topic has been closed for replies.

3 replies

R
robertr61249773Author
Participant
April 2, 2017

Further actions from me...

Thank you very much.

Here’s some further things I did:

1.  Scan the.dmg file with ClamXav.  No problems found.

2.  Double clicked the .dmg file and a DVD like icon appears.  Open than.  Scanned the Install, packages, payloads, and deploy folders with clamXAV.  No problems found.

I don’t know if clamxav would find anything from these operations but figured it was worth a shot.

Also ran sophos on the entire hard drive and it again found nothing.

ClamXAV on running the Applications folders keeps coming back with same message

========-

And further comments from DM from  R Kelly:

=========

What you have it not a virus but a security hole in the photoshop elements application.

Similar to these that have been patched in photoshop over the years.

Security Bulletins and Advisories

==============

SO...  if this is a security hole in the PSE application, that would seem NOT to be a false positive by ClamXAV (again, I'm not a computer guy and am in way over my head here).

Do we worry about this or not?

Thanks!

Jeff Arola
Community Expert
Jeff ArolaCommunity Expert
Community Expert
April 2, 2017

i would report it over here on the ClamXAV forums and hopefully it will turn out to be a false positive.

https://www.clamxav.com/BB/

michaela90996715
michaela90996715
Participant
April 2, 2017

I have ran a ClamXAV scan (MacOS 10.11.6) and found like others, that the "Adobe Photoshop Elements Editor.app" v14 Installed from Disc had an infection:  Img.exploit_CVE_2017_2804-6162475-0

Jeff Arola
Community Expert
Jeff ArolaCommunity Expert
Community Expert
April 1, 2017

You could uninstall pse 15 and download pse 15 from adobe, install and recheck with your virus scanner.

Download Photoshop Elements | 15, 14, 13, 12, 11, 10

Rather than deleting the pse 15 application use the Uninstall Adobe Photoshop Elements 15 in

the /Applications/Adobe Photoshop Elements 15 folder.

R
robertr61249773Author
Participant
April 1, 2017

Thanks for your advice.  I deleted the PSE 15 using the uninstall, downloaded it from the adobe site, did the update to 15.2, quit the program, and then ran ClamXAV again.  Same result...

No other problems were found from scanning everything else with ClamXAV and Sophos.  So I'm at a loss here.  Is it possible this exploit was worked it's way into the Adobe servers?

Thank you!

Jeff Arola
Community Expert
Jeff ArolaCommunity Expert
Community Expert
April 2, 2017

In the meantime i would report it over here on the ClamXAV forums and hopefully it will turn out to be a false positive.

https://www.clamxav.com/BB/

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices