Doro PDF Writer Privilege Escalation

2003-12-16T07:14:03
ID OSVDB:3041
Type osvdb
Reporter OSVDB
Modified 2003-12-16T07:14:03

Description

Vulnerability Description

Doro PDF Writer V1.13 (possibly earlier) contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to the fact that Doro PDF Writer runs with system privleges and allows users to open files with these privileges during the print dialog. This flaw may lead to a loss of Confidentiality.

Technical Description

Doro PDF Writer is a PDF writer for the Windows operating system.

Solution Description

Currently the only solution is to not run Doro PDF Writer on a system with Untrusted users.

Short Description

Doro PDF Writer V1.13 (possibly earlier) contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to the fact that Doro PDF Writer runs with system privleges and allows users to open files with these privileges during the print dialog. This flaw may lead to a loss of Confidentiality.

References:

Secunia Advisory ID:10438