[SA18698] Adobe Products Insecure Default File Permissions


TITLE: Adobe Products Insecure Default File Permissions SECUNIA ADVISORY ID: SA18698 VERIFY ADVISORY: http://secunia.com/advisories/18698/ CRITICAL: Less critical IMPACT: Security Bypass, Manipulation of data, Privilege escalation WHERE: Local system SOFTWARE: Adobe Photoshop CS2 http://secunia.com/product/6151/ Adobe Illustrator CS2 http://secunia.com/product/7061/ Adobe Creative Suite 2 Standard http://secunia.com/product/7390/ Adobe Creative Suite 2 Premium http://secunia.com/product/7389/ DESCRIPTION: A security issue has been reported in some Adobe products, which can be exploited by malicious, local users to bypass certain security restrictions or gain escalated privileges. The security issue is caused due to insecure default file permissions being set on the installed files and folders. This allows any non-privileged users on the system to remove the files or replace them with malicious binaries. The security issue has been reported in the following products: * Adobe Creative Suite 2 * Adobe Photoshop CS2 * Adobe Illustrator CS2 SOLUTION: Apply AdobeSecurityPatcher. Adobe Illustrator CS2 (Windows): http://www.adobe.com/support/downloads/detail.jsp?ftpID=3308 Adobe Illustrator CS2 (Mac OS): http://www.adobe.com/support/downloads/detail.jsp?ftpID=3307 Adobe Photoshop CS2 (Windows): http://www.adobe.com/support/downloads/detail.jsp?ftpID=3306 Adobe Photoshop CS2 (Mac OS): http://www.adobe.com/support/downloads/detail.jsp?ftpID=3305 Adobe Creative Suite 2 Premium (Windows): http://www.adobe.com/support/downloads/detail.jsp?ftpID=3304 Adobe Creative Suite 2 Premium (Mac OS): http://www.adobe.com/support/downloads/detail.jsp?ftpID=3303 Adobe Creative Suite 2 Standard (Windows): http://www.adobe.com/support/downloads/detail.jsp?ftpID=3230 Adobe Creative Suite 2 Standard (Mac OS): http://www.adobe.com/support/downloads/detail.jsp?ftpID=3223 PROVIDED AND/OR DISCOVERED BY: The vendor credits Sudhakar Govindavajhala and Andrew Appel of Princeton University. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/techdocs/332644.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.