Adobe Acrobat / Adobe Reader Insecure Default Permissions
Secunia Advisory: SA21016 Print Advisory
Release Date: 2006-07-12
Critical:
Less critical
Impact: Security Bypass
Manipulation of data
Privilege escalation
Where: Local system
Solution Status: Vendor Patch
OS: Apple Macintosh OS X
Software: Adobe Acrobat 6.x
Adobe Reader 6.x
Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.
CVE reference: CVE-2006-3452
Description:
A vulnerability has been reported in Adobe Acrobat and Adobe Reader,
which can be exploited by malicious, local users to bypass certain
security restrictions or gain escalated privileges.
The vulnerability is caused due to insecure default file permissions
being set on the installed files and folders. This allows any
non-privileged users on the system to remove the files or replace them
with malicious binaries.
The vulnerability has been reported for Adobe Acrobat 6.0.4 and Adobe
Reader 6.0.4 for Mac OS. Prior versions may be also affected.
Solution:
Update to Adobe Acrobat 6.0.5 or Adobe Reader 6.0.5.
http://www.adobe.com/support/downloads/
Provided and/or discovered by:
Reported by the vendor.
Original Advisory:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb06-08.html
Please note: The information, which this Secunia Advisory is based upon,
comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports
issued by security research groups, vendors, and others.
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
