Creation of Temporary File in Directory with Insecure Permissions

CVE-2023-21612

High

7.8/10

Summary

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-379 - Creation of Temporary File in Directory with Insecure Permissions

The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

References

Advisory Timeline

Published Jan 18, 2023

Creation of Temporary File in Directory with Insecure Permissions

CVE-2023-21612

Summary

CWE-379 - Creation of Temporary File in Directory with Insecure Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS