SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Adobe Acrobat/Reader Vendors:   Adobe Systems Incorporated
Adobe Reader/Adobe Acrobat Updater May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1014319
SecurityTracker URL:  http://securitytracker.com/id/1014319
CVE Reference:   CVE-2005-1624   (Links to External Site)
Date:  Jun 28 2005
Impact:   Root access via local system, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Adobe Acrobat and Adobe Reader 7.0 and 7.0.1
Description:   A vulnerability was reported in Adobe Reader and Adobe Acrobat in the updater function. A local user may be able to gain elevated privileges.

The updater elevates pre-existing Safari Frameworks folder permissions for all users when Adobe Reader or Acrobat updates are downloaded. If there is no pre-existing Safari Frameworks folder, then the updater will create a new Frameworks folder with elevated permissions of all users.

The vendor credits John C. Welch with reporting this vulnerability.

Impact:   A local user may be able to gain elevated privileges.
Solution:   The vendor has issued a fixed version (7.0.2), available at:

http://www.adobe.com/support/downloads/

Vendor URL:  www.adobe.com/support/techdocs/331711.html (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (macOS/OS X)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC