Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-0525

Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs.

Published

2006-02-02T11:02:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adobe	acrobat	3.0	Yes
Application	adobe	acrobat	3.1	Yes
Application	adobe	acrobat	4.0	Yes
Application	adobe	acrobat	4.0.5	Yes
Application	adobe	acrobat	4.0.5a	Yes
Application	adobe	acrobat	4.0.5c	Yes
Application	adobe	acrobat	5.0	Yes
Application	adobe	acrobat	5.0.5	Yes
Application	adobe	acrobat	5.0.10	Yes
Application	adobe	acrobat	6.0	Yes
Application	adobe	acrobat	6.0.1	Yes
Application	adobe	acrobat	6.0.2	Yes
Application	adobe	acrobat	6.0.3	Yes
Application	adobe	acrobat	6.0.4	Yes
Application	adobe	acrobat	7.0	Yes
Application	adobe	acrobat	7.0.1	Yes
Application	adobe	acrobat	7.0.2	Yes
Application	adobe	acrobat	7.0.3	Yes
Application	adobe	acrobat_reader	3.0	Yes
Application	adobe	acrobat_reader	4.0	Yes
Application	adobe	acrobat_reader	4.0.5	Yes
Application	adobe	acrobat_reader	4.0.5a	Yes
Application	adobe	acrobat_reader	4.0.5c	Yes
Application	adobe	acrobat_reader	4.5	Yes
Application	adobe	acrobat_reader	5.0	Yes
Application	adobe	acrobat_reader	5.0.5	Yes
Application	adobe	acrobat_reader	5.0.10	Yes
Application	adobe	acrobat_reader	5.1	Yes
Application	adobe	acrobat_reader	6.0	Yes
Application	adobe	acrobat_reader	6.0.1	Yes
Application	adobe	acrobat_reader	6.0.2	Yes
Application	adobe	acrobat_reader	6.0.3	Yes
Application	adobe	acrobat_reader	6.0.4	Yes
Application	adobe	acrobat_reader	7.0	Yes
Application	adobe	acrobat_reader	7.0.1	Yes
Application	adobe	acrobat_reader	7.0.2	Yes
Application	adobe	acrobat_reader	7.0.3	Yes
Application	adobe	creative_suite	1.0	Yes
Application	adobe	creative_suite	1.3	Yes
Application	adobe	creative_suite	2.0	Yes
Application	adobe	illustrator	7.0	Yes
Application	adobe	illustrator	8.0	Yes
Application	adobe	illustrator	9.0	Yes
Application	adobe	illustrator	10.0	Yes
Application	adobe	illustrator	cs	Yes
Application	adobe	illustrator	cs3	Yes
Application	adobe	indesign	cs	Yes
Application	adobe	indesign	cs3	Yes
Application	adobe	pagemaker	6.5	Yes
Application	adobe	pagemaker	6.5	Yes
Application	adobe	pagemaker	7.0	Yes
Application	adobe	pagemaker	7.0	Yes
Application	adobe	photoshop	7.0	Yes
Application	adobe	photoshop	8.0	Yes
Application	adobe	photoshop	9.0.2	Yes
Application	adobe	photoshop	le	Yes
Application	adobe	premiere	1.5	Yes
Application	adobe	version_cue	1.0	Yes
Application	adobe	version_cue	1.0.1	Yes
Application	adobe	version_cue	gold	Yes

References

http://secunia.com/advisories/18698 Vendor Advisory ([email protected])
http://securitytracker.com/id?1015577 ([email protected])
http://securitytracker.com/id?1015578 ([email protected])
http://securitytracker.com/id?1015579 ([email protected])
http://www.adobe.com/support/techdocs/332644.html ([email protected])
http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf ([email protected])
http://www.kb.cert.org/vuls/id/953860 Third Party Advisory, US Government Resource ([email protected])
http://www.osvdb.org/22908 ([email protected])
http://www.securityfocus.com/archive/1/423587/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/16451 ([email protected])
http://www.vupen.com/english/advisories/2006/0431 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/24464 ([email protected])
http://secunia.com/advisories/18698 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1015577 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1015578 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1015579 (af854a3a-2127-422b-91ae-364da2661108)
http://www.adobe.com/support/techdocs/332644.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/953860 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/22908 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/423587/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/16451 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0431 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24464 (af854a3a-2127-422b-91ae-364da2661108)