In most cases, the vulnerability would not allow the malicious user to read the files unless they already had read permission to do so.