Creation of Temporary File in Directory with Insecure Permissions
CVE-2021-39828
Summary
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- HIGH
- HIGH
- HIGH
CWE-379 - Creation of Temporary File in Directory with Insecure Permissions
The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
References
Advisory Timeline
- Published