Skip to main content

Creation of Temporary File in Directory with Insecure Permissions

CVE-2021-39828

Severity Medium
Score 6.5/10

Summary

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability.

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • REQUIRED
  • HIGH
  • HIGH
  • HIGH

CWE-379 - Creation of Temporary File in Directory with Insecure Permissions

The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

References

Advisory Timeline

  • Published