Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4708

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-4708
Last Modified 07 Mar 2011 09:28:49
Published 31 Dec 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4708

Summary

Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.

Vulnerable Systems

Application

  • Adobe Captivate

  • Adobe Contribute 2

  • Adobe Contribute 3

  • Adobe Director

  • Adobe Dreamweaver 9.0

  • Adobe Elicensing

  • Adobe Fireworks 9.0

  • Adobe Flash Player

  • Adobe Freehand Mx

  • Adobe Studio Mx


References

CERT-VN - VU#953860

CONFIRM - http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html

VUPEN - ADV-2005-0723

BID - 13925

BUGTRAQ - 20060131 Windows Access Control Demystified

OSVDB - 17248

MISC - http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf

SECTRACK - 1014166

SECTRACK - 1014165

SECTRACK - 1014164

SECTRACK - 1014163

SECTRACK - 1014162

SECTRACK - 1014161

SECTRACK - 1014160

SECTRACK - 1014159

SECTRACK - 1014158

SECUNIA - 15654


Last Updated: 27 May 2016 10:41:24