Vulnerability Name:

CVE-2006-0525 (CCN-24464)

Assigned:2006-02-02
Published:2006-02-02
Updated:2018-10-19
Summary:Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs.
CVSS v3 Severity:8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2006-0525

Source: CCN
Type: SA18698
Adobe Products Insecure Default File Permissions

Source: SECUNIA
Type: Vendor Advisory
18698

Source: CCN
Type: SECTRACK ID: 1015577
Adobe Creative Suite File/Folder Access Control Error Lets Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1015577

Source: CCN
Type: SECTRACK ID: 1015578
Adobe Photoshop File/Folder Access Control Error Lets Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1015578

Source: CCN
Type: SECTRACK ID: 1015579
Adobe Illustrator File/Folder Access Control Error Lets Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1015579

Source: CCN
Type: Adobe Security Advisory APSB06-01
File permissions vulnerability in Adobe Creative Suite 2 (Windows, Mac OS)

Source: CONFIRM
Type: UNKNOWN
http://www.adobe.com/support/techdocs/332644.html

Source: CCN
Type: Secure Internet Programming laboratory at Princeton University Research Paper - January 31, 2006
Windows Access Control Demystified

Source: MISC
Type: UNKNOWN
http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf

Source: CCN
Type: US-CERT VU#953860
Microsoft Windows privilege escalation vulnerability

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#953860

Source: OSVDB
Type: UNKNOWN
22908

Source: CCN
Type: OSVDB ID: 22908
Adobe Multiple Products Permission Weakness Privilege Escalation

Source: BUGTRAQ
Type: UNKNOWN
20060131 Windows Access Control Demystified

Source: BID
Type: UNKNOWN
16451

Source: CCN
Type: BID-16451
Adobe Multiple Local Privilege Escalation Vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2006-0431

Source: XF
Type: UNKNOWN
adobe-insecure-default-permissions(24464)

Source: XF
Type: UNKNOWN
adobe-insecure-default-permissions(24464)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:acrobat:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:creative_suite:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:creative_suite:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:creative_suite:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:illustrator:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:illustrator:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:illustrator:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:illustrator:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:illustrator:cs:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:illustrator:cs3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:indesign:cs:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:indesign:cs3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:pagemaker:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:pagemaker:6.5:*:plus:*:*:*:*:*
  • OR cpe:/a:adobe:pagemaker:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:pagemaker:7.0:*:plus:*:*:*:*:*
  • OR cpe:/a:adobe:photoshop:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:photoshop:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:photoshop:9.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:photoshop:le:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:premiere:1.5:*:pro:*:*:*:*:*
  • OR cpe:/a:adobe:version_cue:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:version_cue:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:version_cue:gold:*:mac_os_x:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:creative_suite:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:illustrator:cs2::mac:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    adobe acrobat 3.0
    adobe acrobat 3.1
    adobe acrobat 4.0
    adobe acrobat 4.0.5
    adobe acrobat 4.0.5a
    adobe acrobat 4.0.5c
    adobe acrobat 5.0
    adobe acrobat 5.0.5
    adobe acrobat 5.0.10
    adobe acrobat 6.0
    adobe acrobat 6.0.1
    adobe acrobat 6.0.2
    adobe acrobat 6.0.3
    adobe acrobat 6.0.4
    adobe acrobat 7.0
    adobe acrobat 7.0.1
    adobe acrobat 7.0.2
    adobe acrobat 7.0.3
    adobe acrobat reader 3.0
    adobe acrobat reader 4.0
    adobe acrobat reader 4.0.5
    adobe acrobat reader 4.0.5a
    adobe acrobat reader 4.0.5c
    adobe acrobat reader 4.5
    adobe acrobat reader 5.0
    adobe acrobat reader 5.0.5
    adobe acrobat reader 5.0.10
    adobe acrobat reader 5.1
    adobe acrobat reader 6.0
    adobe acrobat reader 6.0.1
    adobe acrobat reader 6.0.2
    adobe acrobat reader 6.0.3
    adobe acrobat reader 6.0.4
    adobe acrobat reader 7.0
    adobe acrobat reader 7.0.1
    adobe acrobat reader 7.0.2
    adobe acrobat reader 7.0.3
    adobe creative suite 1.0
    adobe creative suite 1.3
    adobe creative suite 2.0
    adobe illustrator 7.0
    adobe illustrator 8.0
    adobe illustrator 9.0
    adobe illustrator 10.0
    adobe illustrator cs
    adobe illustrator cs3
    adobe indesign cs
    adobe indesign cs3
    adobe pagemaker 6.5
    adobe pagemaker 6.5
    adobe pagemaker 7.0
    adobe pagemaker 7.0
    adobe photoshop 7.0
    adobe photoshop 8.0
    adobe photoshop 9.0.2
    adobe photoshop le
    adobe premiere 1.5
    adobe version cue 1.0
    adobe version cue 1.0.1
    adobe version cue gold
    adobe creative suite 2.0
    adobe illustrator cs2