Vulnerability CVE-2006-0525


Published: 2006-02-02   Modified: 2012-02-12

Description:
Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs.

Type: CWE-264 (Permissions, Privileges, and Access Controls)

Vendor: Adobe
Product: Photoshop
Version: le; 9.0.2; 8.0; 7.0
Product: Version Cue
Version: gold; 1.0.1; 1.0
Product: Illustrator
Version: cs3; cs; 9.0; 8.0; 7.0; 10.0
Product: InDesign
Version: cs3; cs
Product: Acrobat
Version: 7.0.3; 7.0.2; 7.0.1; 7.0; 6.0.4; 6.0.3; 6.0.2; 6.0.1; 6.0; 5.0.5; 5.0.10; 5.0; 4.0.5c; 4.0.5a; 4.0.5; 4.0; 3.1; 3.0
Product: Acrobat Reader
Version: 7.0.3; 7.0.2; 7.0.1; 7.0; 6.0.4; 6.0.3; 6.0.2; 6.0.1; 6.0; 5.1; 5.0.5; 5.0.10; 5.0; 4.5; 4.0.5c; 4.0.5a; 4.0.5; 4.0; 3.0
Product: PageMaker
Version: 7.0; 6.5
Product: Creative Suite
Version: 2.0; 1.3; 1.0
Product: Premiere
Version: 1.5

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 4.6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://securitytracker.com/id?1015577
http://securitytracker.com/id?1015578
http://securitytracker.com/id?1015579
http://www.adobe.com/support/techdocs/332644.html
http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
http://www.kb.cert.org/vuls/id/953860
http://www.securityfocus.com/archive/1/423587/100/0/threaded
http://www.securityfocus.com/bid/16451
http://www.vupen.com/english/advisories/2006/0431
https://exchange.xforce.ibmcloud.com/vulnerabilities/24464

Related CVE
CVE-2018-19725
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2019-8075
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-8074
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user.
CVE-2019-8073
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user.
CVE-2019-8072
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-8076
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8070
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8069
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.

Copyright 2019, cxsecurity.com

 
