{"vuid":"VU#124289","idnumber":"124289","name":"Nik Software Sharpener Pro vulnerable to privilege escalation","keywords":["Nik Software","Sharpener Pro","Inkjet edition for Mac","privilege escalation"],"overview":"The Nik Software Sharpener Pro installs files with insecure permissions, which may allow a local attacker to elevate privileges.","clean_desc":"Nik Software Sharpener Pro is an Adobe Photoshop plug-in that provides image sharpening capabilities. The Nik Software Sharpener Pro installer sets insecure permissions on the plug-in files. The plug-ins can contain executable code, yet they are world-writable.","impact":"An unprivileged user may be able to modify files that can be executed by other users, which can allow privilege escalation.","resolution":"We are currently unaware of a practical solution to this problem. Please consider the following workaround:","workarounds":"Remove write access to the Nik Sharpener plug-in files. By removing the ability of the \"other\" group to write to the plug-in files, this vulnerability can be mitigated.","sysaffected":"","thanks":"Thanks to Vlad Didenko for reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["http://www.securityfocus.com/bid/27707/info"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2008-02-11T15:10:38Z","publicdate":"2008-02-09T00:00:00Z","datefirstpublished":"2008-03-28T18:42:50Z","dateupdated":"2008-03-28T18:44:47Z","revision":3,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"2","cam_population":"3","cam_impact":"4","cam_easeofexploitation":"20","cam_attackeraccessrequired":"10","cam_scorecurrent":"0.765","cam_scorecurrentwidelyknown":"0.99","cam_scorecurrentwidelyknownexploited":"1.89","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.765,"vulnote":null}