> Adobe多个本地权限提升漏洞

Adobe多个本地权限提升漏洞

CNNVD-ID编号	CNNVD-200602-016	CVE编号	CVE-2006-0525
发布时间	2006-02-02	更新时间	2006-02-13
漏洞类型	权限许可和访问控制	漏洞来源	Sudhakar Govindavajhala and Andrew Appel discovered these issues.
危险等级	中危	威胁类型	本地
厂商	adobe

漏洞介绍

多款Adobe产品，包括(1) Photoshop CS2、(2) Illustrator CS2和(3) Adobe Help Center中都安装了大量对Everyone组开放写入权限的.EXE和.DLL文件，从而使本地用户可以通过特洛伊木马程序获取权限。

漏洞补丁

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Adobe Creative Suite 2 PremiumAdobe Adobe Security Patcher for Adobe Creative Suite 2 (Macintosh)

http://www.adobe.com/support/downloads/detail.jsp?ftpID=3303

Adobe Adobe Security Patcher for Adobe Creative Suite 2 (Windows)

http://www.adobe.com/support/downloads/detail.jsp?ftpID=3304

Adobe Photoshop CS2

Adobe Adobe Security Patcher for Adobe Photoshop CS2 (Macintosh)

http://www.adobe.com/support/downloads/detail.jsp?ftpID=3305

Adobe Adobe Security Patcher for Adobe Photoshop CS2 (Windows)

http://www.adobe.com/support/downloads/detail.jsp?ftpID=3306

Adobe Illustrator CS2

Adobe Adobe Security Patcher for Adobe Illustrator CS2 (Macintosh)

http://www.adobe.com/support/downloads/detail.jsp?ftpID=3307

Adobe Adobe Security Patcher for Adobe Illustrator CS2 (Windows)Windows

http://www.adobe.com/support/downloads/detail.jsp?ftpID=3308

Adobe Creative Suite 2 Standard

Adobe Adobe Security Patcher for Adobe Creative Suite 2 (Macintosh)

http://www.adobe.com/support/downloads/detail.jsp?ftpID=3223

Adobe Adobe Security Patcher for Adobe Creative Suite 2 (Windows)

http://www.adobe.com/support/downloads/detail.jsp?ftpID=3230

参考网址

来源: US-CERT

名称: VU#953860

链接：http://www.kb.cert.org/vuls/id/953860

来源: XF

名称: adobe-insecure-default-permissions(24464)

链接：http://xforce.iss.net/xforce/xfdb/24464

来源: BID

名称: 16451

链接：http://www.securityfocus.com/bid/16451

来源: BUGTRAQ

名称: 20060131 Windows Access Control Demystified

链接：http://www.securityfocus.com/archive/1/archive/1/423587/100/0/threaded

来源: OSVDB

名称: 22908

链接：http://www.osvdb.org/22908

来源: VUPEN

名称: ADV-2006-0431

链接：http://www.frsirt.com/english/advisories/2006/0431

来源: MISC

链接：http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf

来源: www.adobe.com

链接：http://www.adobe.com/support/techdocs/332644.html

来源: SECTRACK

名称: 1015579

链接：http://securitytracker.com/id?1015579

来源: SECTRACK

名称: 1015578

链接：http://securitytracker.com/id?1015578

来源: SECTRACK

名称: 1015577

链接：http://securitytracker.com/id?1015577

受影响实体

Adobe Indesign:Cs Adobe Indesign:Cs3 Adobe Version_cue:Gold:Mac_os_x Adobe Version_cue:1.0.1 Adobe Photoshop:8.0

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-016