Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1307

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-1307
Last Modified 05 Sep 2008 04:48:47
Published 17 May 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-1307

Summary

The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.3.6

Application

  • Adobe Version Cue Gold


References

MISC - http://www.securiteam.com/exploits/5EP0D20FQC.html

BUGTRAQ - 20050516 Mac OS X - Adobe Version Cue local root exploit [c version exploit]

XF - version-cue-gain-privileges(18445)

BID - 11833

OSVDB - 12298

OSVDB - 12297

CONFIRM - http://www.adobe.com/support/techdocs/331621.html

SECTRACK - 1012446

SECUNIA - 13399

BUGTRAQ - 20041206 Local root exploit on Mac OS X with Adobe Version Cue


Last Updated: 27 May 2016 10:40:06