Details of VAR-200505-1230

ID

VAR-200505-1230

CVE

CVE-2005-1307

TITLE

Adobe Version Cue Local privilege vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-1090

DESCRIPTION

The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. A local privilege escalation vulnerability reportedly affects Adobe Version Cue. This issue is due to a failure of the application to validate its environment, allowing an attacker to run arbitrary script code. It should be noted that this issue reportedly only affects Adobe Version Cue on Mac OS X platforms. An attacker may exploit this issue to have arbitrary scripts run with superuser privileges. This will facilitate privileges escalation

Trust: 1.26

sources: NVD: CVE-2005-1307 // BID: 11833 // VULHUB: VHN-12516

AFFECTED PRODUCTS

vendor:	adobe	model:	version cue	scope:	eq	version:	gold	Trust: 1.6
vendor:	apple	model:	mac os x	scope:	eq	version:	10.3.6	Trust: 1.0
vendor:	adobe	model:	version cue	scope:	-	version:	-	Trust: 0.3

sources: BID: 11833 // CNNVD: CNNVD-200505-1090 // NVD: CVE-2005-1307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-1307
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200505-1090
value:	HIGH
Trust: 0.6
VULHUB:	VHN-12516
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-1307
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-12516
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12516 // CNNVD: CNNVD-200505-1090 // NVD: CVE-2005-1307

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1307

THREAT TYPE

local

Trust: 0.9

sources: BID: 11833 // CNNVD: CNNVD-200505-1090

TYPE

Design Error

Trust: 0.9

sources: BID: 11833 // CNNVD: CNNVD-200505-1090

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-12516

EXTERNAL IDS

db:	BID	id:	11833	Trust: 2.0
db:	SECTRACK	id:	1012446	Trust: 1.7
db:	SECUNIA	id:	13399	Trust: 1.7
db:	NVD	id:	CVE-2005-1307	Trust: 1.7
db:	OSVDB	id:	12297	Trust: 1.7
db:	OSVDB	id:	12298	Trust: 1.7
db:	BUGTRAQ	id:	20050516 MAC OS X - ADOBE VERSION CUE LOCAL ROOT EXPLOIT [C VERSION EXPLOIT]	Trust: 0.6
db:	BUGTRAQ	id:	20041206 LOCAL ROOT EXPLOIT ON MAC OS X WITH ADOBE VERSION CUE	Trust: 0.6
db:	XF	id:	18445	Trust: 0.6
db:	CNNVD	id:	CNNVD-200505-1090	Trust: 0.6
db:	EXPLOIT-DB	id:	680	Trust: 0.1
db:	SEEBUG	id:	SSVID-62939	Trust: 0.1
db:	VULHUB	id:	VHN-12516	Trust: 0.1

sources: VULHUB: VHN-12516 // BID: 11833 // CNNVD: CNNVD-200505-1090 // NVD: CVE-2005-1307

REFERENCES

url:	http://www.securityfocus.com/bid/11833	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2004-12/0040.html	Trust: 1.7
url:	http://www.adobe.com/support/techdocs/331621.html	Trust: 1.7
url:	http://www.securiteam.com/exploits/5ep0d20fqc.html	Trust: 1.7
url:	http://www.osvdb.org/12297	Trust: 1.7
url:	http://www.osvdb.org/12298	Trust: 1.7
url:	http://securitytracker.com/id?1012446	Trust: 1.7
url:	http://secunia.com/advisories/13399	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/18445	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=111627622403544&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=111627622403544&w=2	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/18445	Trust: 0.6
url:	http://www.adobe.com/products/creativesuite/versioncue.html	Trust: 0.3
url:	/archive/1/383548	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=111627622403544&w=2	Trust: 0.1

sources: VULHUB: VHN-12516 // BID: 11833 // CNNVD: CNNVD-200505-1090 // NVD: CVE-2005-1307

CREDITS

fintler

Trust: 0.6

sources: CNNVD: CNNVD-200505-1090

SOURCES

db:	VULHUB	id:	VHN-12516
db:	BID	id:	11833
db:	CNNVD	id:	CNNVD-200505-1090
db:	NVD	id:	CVE-2005-1307

LAST UPDATE DATE

2024-08-14T14:35:48.355000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12516	date:	2017-07-11T00:00:00
db:	BID	id:	11833	date:	2004-12-07T00:00:00
db:	CNNVD	id:	CNNVD-200505-1090	date:	2005-10-28T00:00:00
db:	NVD	id:	CVE-2005-1307	date:	2017-07-11T01:32:36.890

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12516	date:	2005-05-17T00:00:00
db:	BID	id:	11833	date:	2004-12-07T00:00:00
db:	CNNVD	id:	CNNVD-200505-1090	date:	2005-05-17T00:00:00
db:	NVD	id:	CVE-2005-1307	date:	2005-05-17T04:00:00