
CERT Coordination Center

Nik Software Sharpener Pro vulnerable to privilege escalation

Vulnerability Note VU#124289

Original Release Date: 2008-03-28 | Last Revised: 2008-03-28


Nik Software Sharpener Pro installs files with insecure permissions, which may allow a local attacker to elevate privileges.


Nik Software Sharpener Pro is an Adobe Photoshop plug-in that provides image sharpening capabilities. The Nik Software Sharpener Pro installer sets insecure permissions on the plug-in files. The plug-ins can contain executable code, yet they are world-writable.


An unprivileged user may be able to modify files that can be executed by other users, which can allow privilege escalation.


We are currently unaware of a practical solution to this problem. Please consider the following workaround:

Remove write access to the Nik Sharpener plug-in files

This vulnerability can be mitigated by removing write permission for the "other" class on the plug-in files.
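
One way to apply and verify this workaround on a POSIX system, as an added example that is not part of the original advisory or any vendor material. The plug-in directory is passed as an argument because this note does not state the install path, and the check is extended to world-writable directories, since those would let a user replace the files inside them.

```shell
#!/bin/sh
# Added example, not CERT/CC or vendor code.
# The plug-in directory is an argument: the advisory gives no install path.

# Print regular files and directories under $1 whose "other" write bit
# is set. find does not follow symlinks by default, so a planted link
# cannot redirect the audit outside the plug-in tree.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Clear the "other" write bit on everything the audit reports, leaving
# owner and group bits untouched, then re-audit.
# Returns 0 only if nothing under $1 is still world-writable.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
    remaining=$(list_world_writable "$1")
    if [ -n "$remaining" ]; then
        printf 'still world-writable:\n%s\n' "$remaining" >&2
        return 1
    fi
    return 0
}

# Command-line entry point: audit only by default, remediate with --fix.
#   sh script.sh DIR          list world-writable entries
#   sh script.sh --fix DIR    remove the "other" write bit and verify
if [ "$#" -ge 1 ]; then
    if [ "$1" = "--fix" ]; then
        fix_world_writable "$2"
    else
        list_world_writable "$1"
    fi
fi
```

Run the audit form first and review the list before using `--fix`; the fix must be run by the file owner or an administrator.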

Vendor Information


Nik Software Affected

Notified: March 07, 2008 | Updated: March 28, 2008



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.




Thanks to Vlad Didenko for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

CVE IDs: None
Severity Metric: 0.77
Date Public: 2008-02-09
Date First Published: 2008-03-28
Date Last Updated: 2008-03-28 18:44 UTC
Document Revision: 3

Sponsored by CISA.