Details of VAR-200704-0234

ID

VAR-200704-0234

CVE

CVE-2007-1279

TITLE

Adobe Bridge of OS X for Vulnerability gained in the update installer

Trust: 0.8

sources: JVNDB: JVNDB-2007-001656

DESCRIPTION

Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges. Adobe Bridge Update Installer is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to gain elevated privileges, potentially leading to a complete compromise of affected computers. This issue affects the Bridge 1.0.3 update on the Mac OS. Adobe Bridge is a file browser that allows users to browse, organize and manipulate design assets between different components of Adobe Creative Suite. This vulnerability cannot be exploited remotely and requires local login privileges. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. Apple Remote Desktop). No further information is available. SOLUTION: Use the updated installer or update to version 1.0.4. http://www.adobe.com/support/downloads/detail.jsp?ftpID=3125 http://www.adobe.com/support/downloads/detail.jsp?ftpID=3395 PROVIDED AND/OR DISCOVERED BY: The vendor credits Jerry Case, Indiana University. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb07-09.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-1279 // JVNDB: JVNDB-2007-001656 // BID: 23404 // VULHUB: VHN-24641 // PACKETSTORM: 55855

AFFECTED PRODUCTS

vendor:	adobe	model:	bridge	scope:	eq	version:	1.0.3	Trust: 1.8
vendor:	apple	model:	mac os x	scope:	-	version:	-	Trust: 1.4
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	adobe	model:	bridge update	scope:	eq	version:	1.0.3	Trust: 0.3
vendor:	adobe	model:	bridge	scope:	ne	version:	1.0.4	Trust: 0.3

sources: BID: 23404 // JVNDB: JVNDB-2007-001656 // CNNVD: CNNVD-200704-196 // NVD: CVE-2007-1279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-1279
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-1279
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200704-196
value:	HIGH
Trust: 0.6
VULHUB:	VHN-24641
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-1279
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-24641
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-24641 // JVNDB: JVNDB-2007-001656 // CNNVD: CNNVD-200704-196 // NVD: CVE-2007-1279

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2007-1279

THREAT TYPE

local

Trust: 1.0

sources: BID: 23404 // PACKETSTORM: 55855 // CNNVD: CNNVD-200704-196

TYPE

Design Error

Trust: 0.9

sources: BID: 23404 // CNNVD: CNNVD-200704-196

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001656

PATCH

title:	APSB07-09	url:	http://www.adobe.com/support/security/bulletins/apsb07-09.html	Trust: 0.8
title:	Mac OS X	url:	http://www.apple.com/macosx/	Trust: 0.8

sources: JVNDB: JVNDB-2007-001656

EXTERNAL IDS

db:	NVD	id:	CVE-2007-1279	Trust: 2.8
db:	BID	id:	23404	Trust: 2.0
db:	SECUNIA	id:	24854	Trust: 1.8
db:	SECTRACK	id:	1017900	Trust: 1.7
db:	OSVDB	id:	34896	Trust: 1.7
db:	VUPEN	id:	ADV-2007-1342	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-001656	Trust: 0.8
db:	CNNVD	id:	CNNVD-200704-196	Trust: 0.7
db:	XF	id:	33570	Trust: 0.6
db:	VULHUB	id:	VHN-24641	Trust: 0.1
db:	PACKETSTORM	id:	55855	Trust: 0.1

sources: VULHUB: VHN-24641 // BID: 23404 // JVNDB: JVNDB-2007-001656 // PACKETSTORM: 55855 // CNNVD: CNNVD-200704-196 // NVD: CVE-2007-1279

REFERENCES

url:	http://www.adobe.com/support/security/bulletins/apsb07-09.html	Trust: 2.1
url:	http://www.securityfocus.com/bid/23404	Trust: 1.7
url:	http://www.osvdb.org/34896	Trust: 1.7
url:	http://www.securitytracker.com/id?1017900	Trust: 1.7
url:	http://secunia.com/advisories/24854	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/1342	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/33570	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1279	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1279	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/33570	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/1342	Trust: 0.6
url:	http://www.apple.com/macosx/	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/24854/	Trust: 0.1
url:	http://corporate.secunia.com/trial/38/request/	Trust: 0.1
url:	http://secunia.com/product/6152/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://www.adobe.com/support/downloads/detail.jsp?ftpid=3395	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://www.adobe.com/support/downloads/detail.jsp?ftpid=3125	Trust: 0.1

sources: VULHUB: VHN-24641 // BID: 23404 // JVNDB: JVNDB-2007-001656 // PACKETSTORM: 55855 // CNNVD: CNNVD-200704-196 // NVD: CVE-2007-1279

CREDITS

Jerry Case

Trust: 0.6

sources: CNNVD: CNNVD-200704-196

SOURCES

db:	VULHUB	id:	VHN-24641
db:	BID	id:	23404
db:	JVNDB	id:	JVNDB-2007-001656
db:	PACKETSTORM	id:	55855
db:	CNNVD	id:	CNNVD-200704-196
db:	NVD	id:	CVE-2007-1279

LAST UPDATE DATE

2024-08-14T15:14:47.401000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-24641	date:	2017-07-29T00:00:00
db:	BID	id:	23404	date:	2008-03-13T01:41:00
db:	JVNDB	id:	JVNDB-2007-001656	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200704-196	date:	2007-08-02T00:00:00
db:	NVD	id:	CVE-2007-1279	date:	2017-07-29T01:30:42.547

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-24641	date:	2007-04-11T00:00:00
db:	BID	id:	23404	date:	2007-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2007-001656	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	55855	date:	2007-04-12T18:33:34
db:	CNNVD	id:	CNNVD-200704-196	date:	2007-04-11T00:00:00
db:	NVD	id:	CVE-2007-1279	date:	2007-04-11T22:19:00