Adobe AcroRead Insecure Default Font List Permissions Vulnerability
Adobe Acrobat Reader is a freely available PDF document reading utility distributed by Adobe. A problem with the program could allow local users to gain elevated privileges.
When executed, the Acrobat Reader creates a predictable file, and sets the permissions to 0666, granting world read and write access. A local attacker may use a symbolic link attack to set the permissions on any file owned by the vulnerable user, and replace executable files or scripts with trojans.
Reportedly, Acrobat Reader 5.05 creates the file as /tmp/AdobeFnt.lst.UID (including the UID of the invoking user). Acrobat Reader 4.05 creates the font list file in the user's home directory.
It has been reported that Acrobat Reader for Mac OS X does not suffer from this vulnerability.