Vulnerability Name:

CVE-2006-3452 (CCN-27678)

Assigned:2006-07-11
Published:2006-07-11
Updated:2017-07-20
Summary:Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files.
This vulnerability only exists in multi-user environments.
This vulnerability is addressed in the following product releases:
Adobe, Acrobat Reader, 6.0.5 for Mac OSX
Adobe, Acrobat, 6.0.5 for Mac OSX
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: MITRE
Type: CNA
CVE-2006-3452

Source: CCN
Type: SA21016
Adobe Acrobat / Adobe Reader Insecure Default Permissions

Source: SECUNIA
Type: Patch, Vendor Advisory
21016

Source: CCN
Type: SECTRACK ID: 1016473
Adobe Acrobat and Adobe Reader Unsafe Permissions on Mac OS X Let Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1016473

Source: CCN
Type: Adobe Product Security Bulletin APSB06-08
File Permissions Vulnerability in Adobe Reader and Adobe Acrobat (Mac OS)

Source: CONFIRM
Type: Patch
http://www.adobe.com/support/security/bulletins/apsb06-08.html

Source: OSVDB
Type: UNKNOWN
27157

Source: CCN
Type: OSVDB ID: 27157
Adobe Acrobat / Reader on Mac OS X Default Permission Weakness

Source: BID
Type: Patch
18945

Source: CCN
Type: BID-18945
Adobe Acrobat / Adobe Reader Local Privilege Escalation Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-2758

Source: XF
Type: UNKNOWN
acrobat-reader-insecure-permissions(27678)

Source: XF
Type: UNKNOWN
acrobat-reader-insecure-permissions(27678)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:acrobat:3.0:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:3.1:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5a:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5c:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.5:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.10:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.1:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.2:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.3:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:*:*:mac_os_x:*:*:*:*:* (Version <= 6.0.4)
  • OR cpe:/a:adobe:acrobat_reader:3.0:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0:*:for_mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0.5:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0.5a:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0.5c:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0:*:for_mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.5:*:for_mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.10:*:mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.1:*:for_mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0:*:for_mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.1:*:for_mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.2:*:for_mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.3:*:for_mac_os_x:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:*:*:for_mac_os_x:*:*:*:*:* (Version <= 6.0.4)

    • Configuration CCN 1:
  • cpe:/a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:4.0.5c:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    adobe acrobat 3.0
    adobe acrobat 3.1
    adobe acrobat 4.0
    adobe acrobat 4.0.5
    adobe acrobat 4.0.5a
    adobe acrobat 4.0.5c
    adobe acrobat 5.0
    adobe acrobat 5.0.5
    adobe acrobat 5.0.10
    adobe acrobat 6.0
    adobe acrobat 6.0.1
    adobe acrobat 6.0.2
    adobe acrobat 6.0.3
    adobe acrobat *
    adobe acrobat reader 3.0
    adobe acrobat reader 4.0
    adobe acrobat reader 4.0.5
    adobe acrobat reader 4.0.5a
    adobe acrobat reader 4.0.5c
    adobe acrobat reader 5.0
    adobe acrobat reader 5.0.5
    adobe acrobat reader 5.0.10
    adobe acrobat reader 5.1
    adobe acrobat reader 6.0
    adobe acrobat reader 6.0.1
    adobe acrobat reader 6.0.2
    adobe acrobat reader 6.0.3
    adobe acrobat reader *
    adobe acrobat reader 3.0
    adobe acrobat reader 4.0
    adobe acrobat reader 5.0.5
    adobe acrobat reader 5.0
    adobe acrobat reader 6.0.1
    adobe acrobat reader 6.0
    adobe acrobat reader 6.0.2
    adobe acrobat reader 5.0.10
    adobe acrobat reader 5.1
    adobe acrobat reader 6.0.3
    adobe acrobat reader 6.0.4
    adobe acrobat 3.0
    adobe acrobat 3.1
    adobe acrobat 4.0
    adobe acrobat 4.0.5
    adobe acrobat 4.0.5a
    adobe acrobat 4.0.5c
    adobe acrobat 5.0
    adobe acrobat 5.0.10
    adobe acrobat 5.0.5
    adobe acrobat 6.0
    adobe acrobat 6.0.1
    adobe acrobat 6.0.2
    adobe acrobat 6.0.3
    adobe acrobat 6.0.4
    adobe acrobat reader 4.0.5
    adobe acrobat reader 4.0.5a
    adobe acrobat reader 4.0.5c