CVE-2006-3452

Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.adobe.com/support/security/bulletins/apsb06-08.html	Patch
http://www.securityfocus.com/bid/18945	Patch
http://secunia.com/advisories/21016	Patch Vendor Advisory
http://securitytracker.com/id?1016473
http://www.osvdb.org/27157
http://www.vupen.com/english/advisories/2006/2758
https://exchange.xforce.ibmcloud.com/vulnerabilities/27678

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:acrobat:5.0.10::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat:5.0.5::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat_reader:4.0.5::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat_reader:4.0.5a::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat_reader:6.0.1::for_mac_os_x:::::
	cpe:2.3:a:adobe:acrobat_reader:6.0.2::for_mac_os_x:::::
	cpe:2.3:a:adobe:acrobat_reader:6.0.3::for_mac_os_x:::::
	cpe:2.3:a:adobe:acrobat:4.0.5::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat:4.0.5a::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat:6.0.2::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat:6.0.3::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat_reader:6.0::for_mac_os_x:::::
	cpe:2.3:a:adobe:acrobat:6.0.1::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat:6.0::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat_reader:3.0::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat:3.0::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat:4.0::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat_reader:4.0.5c::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat_reader:5.0.5::for_mac_os_x:::::
	cpe:2.3:a:adobe:acrobat:4.0.5c::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat_reader:::for_mac_os_x:::::*
	cpe:2.3:a:adobe:acrobat_reader:5.0.10::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat:3.1::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat:5.0::mac_os_x:::::
	cpe:2.3:a:adobe:acrobat_reader:5.1::for_mac_os_x:::::
	cpe:2.3:a:adobe:acrobat_reader:5.0::for_mac_os_x:::::
	cpe:2.3:a:adobe:acrobat:::mac_os_x:::::*
	cpe:2.3:a:adobe:acrobat_reader:4.0::for_mac_os_x:::::

Information

Published : 2006-07-12 15:05

Updated : 2017-07-19 18:32

NVD link : CVE-2006-3452

Mitre link : CVE-2006-3452

JSON object : View

CWE

NVD-CWE-Other

Products Affected

adobe

acrobat_reader
acrobat

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.adobe.com/support/security/bulletins/apsb06-08.html", "name": "http://www.adobe.com/support/security/bulletins/apsb06-08.html", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/18945", "name": "18945", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/21016", "name": "21016", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1016473", "name": "1016473", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.osvdb.org/27157", "name": "27157", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2006/2758", "name": "ADV-2006-2758", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27678", "name": "acrobat-reader-insecure-permissions(27678)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure file and directory permissions, which allows local users to gain privileges by overwriting program files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3452", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-07-12T22:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.10:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0.5:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5a:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:for_mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:for_mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:for_mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5a:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.2:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.3:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:6.0:*:for_mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0.1:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:6.0:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:3.0:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:3.0:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0.5c:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:for_mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:4.0.5c:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:for_mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.0.4"}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:3.1:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:5.0:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.1:*:for_mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:5.0:*:for_mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.0.4"}, {"cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:4.0:*:for_mac_os_x:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:32Z"}

4.6 /10