Security Advisory: File permissions vulnerability in Adobe Creative Suite 2 (Windows, Mac OS)
Release Date: February 2, 2006
Platform: Windows, Mac OS
Vulnerability Identifier:
APSB06-01
Overview: Adobe has been made aware that the file and folder permissions for Photoshop CS2, Illustrator CS2, and Adobe Help Center can permit non-privileged users to change key program files. This condition presents a risk for shared, multi-user systems. Adobe is providing update utilities which correct these access permission issues and prevent manipulation of the program files by non-privileged users. Adobe recommends that customers using CS2 products on shared systems apply these updates.
Effect: If exploited, this vulnerability could allow a hostile user to replace these program files with malicious or harmful code that could read, write, or destroy sensitive data if subsequently run by a privileged user.
Details: The identified vulnerability allows non-privileged users permission to change key program files. This condition presents a risk for shared, multi-user systems. On such systems, a hostile user could take advantage of this condition to replace these program files with malicious or harmful code that could read, write, or destroy sensitive data if subsequently run by a privileged user.
Severity: Adobe categorizes this issue as an important issue and recommends that users patch their installations.
Recommendations: Download and install the AdobeSecurityPatcher from one of the following locations:
http://www.adobe.com/support/techdocs/332644.html
内容大概是
Adobe在安全公告中称:“如果漏洞被利用,恶意攻击者就可以使用恶意的或有害的代码来替换正常的程序文件,进而读取、写入或损坏用户的敏感数据。”
Adobe将此编号APSB06-01的安全漏洞认定为“严重级”,建议用户立即下载AdobeSecurityPatcher进行升级。
d版用户升级须谨慎!不排除有验证程序!
