The Nik Software Shapener Pro installs files with insecure permissions, which may allow a local attacker to elevate privileges.
Nik Software Sharpener Pro is an Adobe Photoshop plug-in that provides image sharpening capabilities. The Nik Software Sharpener Pro installer sets insecure permissions on the plug-in files. The plug-ins can contain executable code, yet they are world-writable.
An unprivileged user may be able to modify files that can be executed by other users, which can allow privilege escalation.
We are currently unaware of a practical solution to this problem. Please consider the following workaround:
Remove write access to the Nik Sharpener plug-in files
Thanks to Vlad Didenko for reporting this vulnerability.
This document was written by Will Dormann.
|Date First Published:||2008-03-28|
|Date Last Updated:||2008-03-28 18:44 UTC|