Vulnerability Name: | CVE-2005-1624 (CCN-21158)
Assigned: | 2005-06-27
Published: | 2005-06-27
Updated: | 2005-06-27
Summary: | Adobe Reader could allow a remote attacker to gain elevated privileges because of a vulnerability in the updater. The Adobe updater is designed to elevate the privileges of the existing Safari Frameworks folder. However, if no Frameworks folder exists, the updater creates a new folder with elevated privileges for all users. A remote attacker could exploit this vulnerability by downloading the updates to gain elevated privileges on the system, and possibly add frameworks of the attacker's choice to the system.
CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Vulnerability Consequences: | Gain Privileges
References: |
Source: MITRE Type: CNA CVE-2005-1624
Source: CCN Type: Adobe Download Web page Downloads
Source: CCN Type: Adobe Support Knowledgebase Document 331711 Updater elevates folder permissions (Acrobat and Adobe Reader on Mac OS)
Source: CCN Type: OSVDB ID: 17606 Adobe Reader/Acrobat for Mac OS Updater Safari Frameworks Privilege Escalation
Source: CCN Type: BID-14075 Adobe Acrobat/Adobe Reader Safari Frameworks Folder Permission Escalation Vulnerability
Source: XF Type: UNKNOWN reader-acrobat-folder-gain-privileges(21158)
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable