Info

Disclosure

Jul 11, 2006

Discovery

Unknown

Dates

Exploit

Jul 11, 2006

Solution

Unknown

Description

Adobe Acrobat and Adobe Reader contains a flaw that may allow a malicious user to remove files or replace them with malicious programs. The flaw exists due to insecure default file permissions being set on the installed files and folders. It is possible that the flaw may allow the attacker to bypass certain security restrictions or gain escalated privileges resulting in a loss of confidentiality and integrity.

Classification

Location: Local Access Required
Attack Type: Misconfiguration
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 6.0.5, 7.0.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Adobe Systems Incorporated	Adobe Acrobat	3.0
		3.1
		4.0
		4.0.5
		5.0
		5.0.5
		5.0.10
		6.0
		6.0.1
		6.0.2
		6.0.3
		6.0.4
	Adobe Reader	3.0
		4.0
		4.0.5
		5.0
		5.0.5
		5.0.10
		5.1
		6.0
		6.0.1
		6.0.2
		6.0.3
		6.0.4

References

Security Tracker: 1016473
Bugtraq ID: 18945
CVE ID: 2006-3452 (see also: NVD)
Secunia Advisory ID: 21016
SCIP VulDB ID: 2373
ISS X-Force ID: 27678
VUPEN Advisory: ADV-2006-2758
Vendor Specific Advisory URL: http://www.adobe.com/support/security/bulletins/apsb06-08.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/27157

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Adobe Systems Incorporated

Adobe Acrobat

Adobe Reader

References

Credit