A security issue has been reported in Adobe
Reader, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.
The security issue is caused due to the insecure handling of temporary
files within the “acroread” script when processing the
“installCertificate” option. This can be exploited via symlink attacks
in combination with a race condition to overwrite or delete arbitrary
files with the privileges of the user running the program.
The security issue is reported in version 8.1.2. Other versions may also be affected.
Solution:
Restrict local access to trusted users only
the-r00t | Security Experts TIM
Etiketler : adobe, files, for, insecure, reader, temporaryPost a Comment