Aloaha PDF Saver improperly sets permissions on certain files, which can be leveraged to manipulate and replace arbitrary application files. A local attacker may use this to elevate their privileges.
Versions earlier than Aloaha PDF Saver 5.0.280
Elevation of Privilege
Local Elevation of Privilege Attackers exploiting this vulnerability would be seeking to gain more privileges on the target machine. An attacker would use this vulnerability, if successfully exploited, to replace legitimate files of higher-privilege programs with specially crafted files. These specially crafted files would perform elevated tasks on behalf of the attacker, effectively raising the attacker's permissions.
BeyondTrust Prevention and Detection:
- 18068 - Aloaha PDF Saver Insecure File Permissions
Update to version 5.0.280