BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


Aloaha PDF Saver Insecure File Permissions

Disclosed January 20, 2013

Fully Patched

Vulnerability Description:

Aloaha PDF Saver improperly sets permissions on certain files, which can be leveraged to manipulate and replace arbitrary application files. A local attacker may use this to elevate their privileges.

Vendors:

Aloaha Software

Vulnerable Software/Devices:

Versions earlier than Aloaha PDF Saver 5.0.280

Vulnerability Severity:

Medium

Exploit Availability:

N/A

Exploit Impact:

Elevation of Privilege

Local Elevation of Privilege: An attacker exploiting this vulnerability is seeking to gain more privileges on the target machine. If exploitation succeeds, the attacker can replace legitimate files of higher-privilege programs with specially crafted files. These files then perform elevated tasks on the attacker's behalf, effectively raising the attacker's permissions.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
  • 18068 - Aloaha PDF Saver Insecure File Permissions

Mitigation:

Update to version 5.0.280
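
To confirm on a host that application files are not writable by low-privileged accounts, an administrator can audit the ACLs of the install directory, before or after updating. The PowerShell below is an added example, not code from BeyondTrust or Aloaha. The install path is a placeholder and the list of principals is an assumption, since the advisory does not name the affected files.

```powershell
# Added example: flag ACEs that let low-privileged principals tamper with
# files under an application's install directory.
param(
    # Placeholder path (assumption); the advisory does not list affected files.
    [string]$InstallDir = 'C:\Path\To\Application'
)

# Well-known SIDs, used instead of names so the check is locale-independent.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow replacing a file, planting one in a directory, or
# rewriting the ACL. On directories WriteData/AppendData mean create file/dir.
$R = [System.Security.AccessControl.FileSystemRights]
$tamperMask = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
    $R::DeleteSubdirectoriesAndFiles -bor $R::ChangePermissions -bor
    $R::TakeOwnership)
# Inherit-only ACEs can surface as raw generic bits: GENERIC_ALL, GENERIC_WRITE.
$genericMask = 0x10000000 -bor 0x40000000

$items = @(Get-Item -LiteralPath $InstallDir -Force) +
         @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $lowPrivSids.ContainsKey($sid)) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $tamperMask) -or ($rights -band $genericMask)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $lowPrivSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
if (-not $findings) { 'No tamper-capable ACEs for the listed principals.' }
```

Each row means the listed principal can modify, replace, or re-permission that file or directory.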

Links:

CVE(s):

None