Adobe Acrobat / Reader on Mac OS X Default Permission Weakness

2006-07-11T03:49:12
ID OSVDB:27157
Type osvdb
Reporter OSVDB
Modified 2006-07-11T03:49:12

Description

Vulnerability Description

Adobe Acrobat and Adobe Reader contain a flaw that may allow a malicious user to remove files or replace them with malicious programs. The flaw exists because insecure default file permissions are set on the installed files and folders. It is possible that the flaw may allow the attacker to bypass certain security restrictions or gain escalated privileges, resulting in a loss of confidentiality and integrity.

Technical Description

This issue can only be exploited on multiuser systems on Mac OS X platforms.

Solution Description

Upgrade to version 6.0.5, 7.0.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
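
An audit for the permission weakness described above, as an added example that is not part of the original advisory or Adobe's code: it walks an install tree and reports files and folders that accounts other than the owner can write to, separating a writable file from a writable folder (the case that permits removing or replacing the files inside it). The sample tree and its names are constructed, and treating any group or other write bit as insecure is an assumption, since the advisory does not list the affected paths or modes.

```python
import os
import stat
import tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # assumption: any non-owner write bit is insecure

def audit_tree(root):
    """Return sorted (relative path, reason) pairs for entries a non-owner could tamper with."""
    findings = []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        mode = os.lstat(path).st_mode
        if stat.S_ISLNK(mode) or not mode & LOOSE:
            continue  # a symlink's own mode bits do not protect its target
        who = "other" if mode & stat.S_IWOTH else "group"
        if not stat.S_ISDIR(mode):
            reason = f"{who}-writable file: contents can be overwritten"
        elif mode & stat.S_ISVTX:
            reason = f"{who}-writable sticky directory: files can be added"
        else:
            reason = f"{who}-writable directory: entries can be removed or replaced"
        findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)

def build_sample_tree():
    """Constructed install tree with hypothetical names; not Adobe's real layout."""
    root = tempfile.mkdtemp()
    entries = [  # (relative path, is_dir, mode)
        ("Example.app", True, 0o775),
        ("Example.app/Contents", True, 0o755),
        ("Example.app/Contents/Example", False, 0o755),
        ("Example.app/Plugins", True, 0o777),
        ("Example.app/Plugins/plugin.bin", False, 0o666),
        ("Example.app/Shared", True, 0o1777),
    ]
    for rel, is_dir, _ in entries:
        full = os.path.join(root, rel)
        if is_dir:
            os.mkdir(full)
        else:
            open(full, "w").close()
    for rel, _, mode in entries:
        os.chmod(os.path.join(root, rel), mode)  # explicit chmod, independent of umask
    return root

if __name__ == "__main__":
    for rel, reason in audit_tree(build_sample_tree()):
        print(f"{rel}: {reason}")
```

Point audit_tree at the real install location on the system being checked; an empty result after upgrading means no entry in that tree is writable by non-owners.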


References:

Vendor Specific Advisory URL
Security Tracker: 1016473
Secunia Advisory ID: 21016
ISS X-Force ID: 27678
FrSIRT Advisory: ADV-2006-2758
CVE-2006-3452
Bugtraq ID: 18945