Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0525

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2006-0525
Last Modified 07 Mar 2011 12:00:00
Published 02 Feb 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0525

Summary

Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs.

Vulnerable Systems

Application

  • Adobe Acrobat 3.0

  • Adobe Acrobat 3.1

  • Adobe Acrobat 4.0

  • Adobe Acrobat 4.0.5

  • Adobe Acrobat 4.0.5a

  • Adobe Acrobat 4.0.5c

  • Adobe Acrobat 5.0

  • Adobe Acrobat 5.0.10

  • Adobe Acrobat 5.0.5

  • Adobe Acrobat 6.0

  • Adobe Acrobat 6.0.1

  • Adobe Acrobat 6.0.2

  • Adobe Acrobat 6.0.3

  • Adobe Acrobat 6.0.4

  • Adobe Acrobat 7.0

  • Adobe Acrobat 7.0.1

  • Adobe Acrobat 7.0.2

  • Adobe Acrobat 7.0.3

  • Adobe Acrobat Reader 3.0

  • Adobe Acrobat Reader 4.0

  • Adobe Acrobat Reader 4.0.5

  • Adobe Acrobat Reader 4.0.5a

  • Adobe Acrobat Reader 4.0.5c

  • Adobe Acrobat Reader 4.5

  • Adobe Acrobat Reader 5.0

  • Adobe Acrobat Reader 5.0.10

  • Adobe Acrobat Reader 5.0.5

  • Adobe Acrobat Reader 5.1

  • Adobe Acrobat Reader 6.0

  • Adobe Acrobat Reader 6.0.1

  • Adobe Acrobat Reader 6.0.2

  • Adobe Acrobat Reader 6.0.3

  • Adobe Acrobat Reader 6.0.4

  • Adobe Acrobat Reader 7.0

  • Adobe Acrobat Reader 7.0.1

  • Adobe Acrobat Reader 7.0.2

  • Adobe Acrobat Reader 7.0.3

  • Adobe Creative Suite 1.0

  • Adobe Creative Suite 1.3

  • Adobe Creative Suite 2.0

  • Adobe Illustrator 10.0

  • Adobe Illustrator 7.0

  • Adobe Illustrator 8.0

  • Adobe Illustrator 9.0

  • Adobe Illustrator Cs

  • Adobe Illustrator Cs3

  • Adobe Indesign Cs

  • Adobe Indesign Cs3

  • Adobe Pagemaker 6.5

  • Adobe Pagemaker 7.0

  • Adobe Photoshop 7.0

  • Adobe Photoshop 8.0

  • Adobe Photoshop 9.0.2

  • Adobe Photoshop Le

  • Adobe Premiere 1.5

  • Adobe Version Cue 1.0

  • Adobe Version Cue 1.0.1

  • Adobe Version Cue Gold


References

CERT-VN - VU#953860

XF - adobe-insecure-default-permissions(24464)

VUPEN - ADV-2006-0431

BID - 16451

BUGTRAQ - 20060131 Windows Access Control Demystified

OSVDB - 22908

MISC - http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf

CONFIRM - http://www.adobe.com/support/techdocs/332644.html

SECTRACK - 1015579

SECTRACK - 1015578

SECTRACK - 1015577

SECUNIA - 18698


Last Updated: 27 May 2016 10:41:41