Sign-up

ID

VAR-200705-0406


CVE

CVE-2007-2682


TITLE

Adobe CS3 Used in Adobe Version Cue CS3 Server Vulnerability that bypasses firewall rules in the installer

Trust: 0.8

sources: JVNDB: JVNDB-2007-002024

DESCRIPTION

The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules. Adobe Version Cue CS3 Server is prone to a weakness that results from a design error. An attacker could take advantage of this weakness to exploit other vulnerabilities or to carry out a variety of attacks against a computer

Trust: 1.98

sources: NVD: CVE-2007-2682 // JVNDB: JVNDB-2007-002024 // BID: 24027 // VULHUB: VHN-26044

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope: - version: -

Trust: 1.4

vendor:adobemodel:creative suitescope:eqversion:3.0

Trust: 1.0

vendor:adobemodel:creative suitescope:eqversion:3

Trust: 0.8

vendor:adobemodel:creative suite web standardscope:eqversion:3

Trust: 0.3

vendor:adobemodel:creative suite web premiumscope:eqversion:3

Trust: 0.3

vendor:adobemodel:creative suite design standardscope:eqversion:3

Trust: 0.3

vendor:adobemodel:creative suite design premiumscope:eqversion:3

Trust: 0.3

sources: BID: 24027 // JVNDB: JVNDB-2007-002024 // CNNVD: CNNVD-200705-383 // NVD: CVE-2007-2682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-2682
value: HIGH

Trust: 1.0

NVD: CVE-2007-2682
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200705-383
value: HIGH

Trust: 0.6

VULHUB: VHN-26044
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-2682
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26044
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26044 // JVNDB: JVNDB-2007-002024 // CNNVD: CNNVD-200705-383 // NVD: CVE-2007-2682

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-2682

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-383

TYPE

Design Error

Trust: 0.9

sources: BID: 24027 // CNNVD: CNNVD-200705-383

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-002024

PATCH
title:APSB07-11url:http://www.adobe.com/support/security/bulletins/apsb07-11.html
Trust: 0.8
title:Mac OS Xurl:http://www.apple.com/macosx/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-002024

EXTERNAL IDS
db:NVDid:CVE-2007-2682
Trust: 2.8
db:BIDid:24027
Trust: 2.0
db:SECUNIAid:25291
Trust: 1.7
db:SECTRACKid:1018075
Trust: 1.7
db:VUPENid:ADV-2007-1850
Trust: 1.7
db:OSVDBid:35868
Trust: 1.7
db:JVNDBid:JVNDB-2007-002024
Trust: 0.8
db:XFid:34342
Trust: 0.6
db:CNNVDid:CNNVD-200705-383
Trust: 0.6
db:VULHUBid:VHN-26044
Trust: 0.1
sources:
            
            
            VULHUB: VHN-26044 // 
            
            
            
            BID: 24027 // 
            
            
            
            JVNDB: JVNDB-2007-002024 // 
            
            
            
            CNNVD: CNNVD-200705-383 // 
            
            
            
            NVD: CVE-2007-2682

REFERENCES
url:http://www.adobe.com/support/security/bulletins/apsb07-11.html
Trust: 2.0
url:http://www.securityfocus.com/bid/24027
Trust: 1.7
url:http://osvdb.org/35868
Trust: 1.7
url:http://securitytracker.com/id?1018075
Trust: 1.7
url:http://secunia.com/advisories/25291
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/1850
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34342
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2682
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-2682
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/34342
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2007/1850
Trust: 0.6
url:http://www.adobe.com/products/creativesuite/versioncue/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-26044 // 
            
            
            
            BID: 24027 // 
            
            
            
            JVNDB: JVNDB-2007-002024 // 
            
            
            
            CNNVD: CNNVD-200705-383 // 
            
            
            
            NVD: CVE-2007-2682

CREDITS
The vendor reported this issue.
Trust: 0.9
sources:
            
            
            BID: 24027 // 
            
            
            
            CNNVD: CNNVD-200705-383

SOURCES
db:VULHUBid:VHN-26044
db:BIDid:24027
db:JVNDBid:JVNDB-2007-002024
db:CNNVDid:CNNVD-200705-383
db:NVDid:CVE-2007-2682

LAST UPDATE DATE
2024-11-23T22:36:14.472000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-26044date:2017-07-29T00:00:00
db:BIDid:24027date:2007-05-17T16:18:00
db:JVNDBid:JVNDB-2007-002024date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200705-383date:2007-05-21T00:00:00
db:NVDid:CVE-2007-2682date:2024-11-21T00:31:23.940

SOURCES RELEASE DATE
db:VULHUBid:VHN-26044date:2007-05-18T00:00:00
db:BIDid:24027date:2007-05-16T00:00:00
db:JVNDBid:JVNDB-2007-002024date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200705-383date:2007-05-18T00:00:00
db:NVDid:CVE-2007-2682date:2007-05-18T18:30:00