Vulnerabilites related to adobe - director
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adobe | captivate | * | |
| adobe | contribute | 2 | |
| adobe | contribute | 3 | |
| adobe | director | * | |
| adobe | dreamweaver | 9.0 | |
| adobe | elicensing | * | |
| adobe | fireworks | 9.0 | |
| adobe | flash_player | * | |
| adobe | flash_player | * | |
| adobe | freehand | mx | |
| adobe | studio | mx |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:captivate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62F9591A-A127-4302-97CE-722E492A8602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:contribute:2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDB544B-76EC-49C0-94B1-E0035207A68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:contribute:3:*:*:*:*:*:*:*",
"matchCriteriaId": "F52C901F-914B-47A1-A160-CADF9DC899A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F6AC4F1-DE3D-4873-90BE-2AE1E3E60F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C183915-BF83-4446-90DF-3A2CE49BCE0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:elicensing:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9602D186-D707-484E-B31D-8C15D85EDC70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:fireworks:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D06FAD9-2CC0-4AAC-A2B5-6D118D00D7A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F901FB44-DC26-4284-B160-EE4A4F8F9DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:*:*:pro:*:*:*:*:*",
"matchCriteriaId": "C01FF7CE-BAD6-4539-A457-DABE0F21895A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:freehand:mx:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BD6F32-57BE-4EB4-A2B8-043A8B28369C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adobe:studio:mx:*:*:*:*:*:*:*",
"matchCriteriaId": "3832577A-42EB-4C8F-878C-BFAF8479BAB4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System."
}
],
"id": "CVE-2005-4708",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/15654"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014158"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014159"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014160"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014161"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014162"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014163"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014164"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014165"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014166"
},
{
"source": "cve@mitre.org",
"url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/953860"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/17248"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13925"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/0723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/15654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/953860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/17248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13925"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/0723"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-05-13 17:30
Modified
2025-04-11 00:51
Severity ?
Summary
Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58C4FCAB-2330-4C95-A969-D2AEBDFA7186",
"versionEndExcluding": "11.5.7.609",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:shockwave_player:*:*:*:*:*:*:*:*",
"matchCriteriaId": "568143B8-4800-4BCE-86DD-B9E410509C48",
"versionEndIncluding": "11.5.6.606",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C56F007-5F8E-4BDD-A803-C907BCC0AF55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation."
},
{
"lang": "es",
"value": "Error de presencia de signo entero en dirapi.dll en Adobe Shockwave Player en versiones anteriores a la 11.5.7.609 y Adobe Director en versiones anteriores a la 11.5.7.609 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero .dir (tambi\u00e9n conocido como Director) manipulado que dispara una operaci\u00f3n de lectura inv\u00e1lida."
}
],
"evaluatorSolution": "Per: http://www.adobe.com/support/security/bulletins/apsb10-12.html\r\n\r\n\u0027Adobe recommends users of Adobe Shockwave Player 11.5.6.606 and earlier versions update to Adobe Shockwave Player 11.5.7.609\u0027",
"id": "CVE-2010-0128",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-05-13T17:30:01.780",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38751"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2010-19/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Broken Link"
],
"url": "http://www.coresecurity.com/content/adobe-director-invalid-read"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/511240/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/511261/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1128"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2010-19/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.coresecurity.com/content/adobe-director-invalid-read"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/511240/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/511261/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Tool Signature"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-0128 (GCVE-0-2010-0128)
Vulnerability from cvelistv5
Published
2010-05-13 17:00
Modified
2024-08-07 00:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38751"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/adobe-director-invalid-read"
},
{
"name": "20100512 Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511261/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"name": "20100511 [CORE-2010-0405] Adobe Director Invalid Read",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511240/100/0/threaded"
},
{
"name": "ADV-2010-1128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1128"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2010-19/"
},
{
"name": "oval:org.mitre.oval:def:7273",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "38751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38751"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/adobe-director-invalid-read"
},
{
"name": "20100512 Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511261/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"name": "20100511 [CORE-2010-0405] Adobe Director Invalid Read",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511240/100/0/threaded"
},
{
"name": "ADV-2010-1128",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1128"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2010-19/"
},
{
"name": "oval:org.mitre.oval:def:7273",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-0128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38751"
},
{
"name": "http://www.coresecurity.com/content/adobe-director-invalid-read",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/adobe-director-invalid-read"
},
{
"name": "20100512 Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511261/100/0/threaded"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-12.html"
},
{
"name": "20100511 [CORE-2010-0405] Adobe Director Invalid Read",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511240/100/0/threaded"
},
{
"name": "ADV-2010-1128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1128"
},
{
"name": "http://secunia.com/secunia_research/2010-19/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-19/"
},
{
"name": "oval:org.mitre.oval:def:7273",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2010-0128",
"datePublished": "2010-05-13T17:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T00:37:53.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4708 (GCVE-0-2005-4708)
Vulnerability from cvelistv5
Published
2006-02-02 11:00
Modified
2024-08-07 23:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:28.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014162",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014162"
},
{
"name": "1014161",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014161"
},
{
"name": "1014165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
},
{
"name": "20060131 Windows Access Control Demystified",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
},
{
"name": "VU#953860",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/953860"
},
{
"name": "1014166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014166"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
},
{
"name": "1014159",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014159"
},
{
"name": "17248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17248"
},
{
"name": "1014163",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014163"
},
{
"name": "1014164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014164"
},
{
"name": "ADV-2005-0723",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0723"
},
{
"name": "15654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15654"
},
{
"name": "1014158",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014158"
},
{
"name": "1014160",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014160"
},
{
"name": "13925",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014162",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014162"
},
{
"name": "1014161",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014161"
},
{
"name": "1014165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
},
{
"name": "20060131 Windows Access Control Demystified",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
},
{
"name": "VU#953860",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/953860"
},
{
"name": "1014166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014166"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
},
{
"name": "1014159",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014159"
},
{
"name": "17248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17248"
},
{
"name": "1014163",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014163"
},
{
"name": "1014164",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014164"
},
{
"name": "ADV-2005-0723",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0723"
},
{
"name": "15654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15654"
},
{
"name": "1014158",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014158"
},
{
"name": "1014160",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014160"
},
{
"name": "13925",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13925"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014162",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014162"
},
{
"name": "1014161",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014161"
},
{
"name": "1014165",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014165"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
},
{
"name": "20060131 Windows Access Control Demystified",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
},
{
"name": "VU#953860",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/953860"
},
{
"name": "1014166",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014166"
},
{
"name": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf",
"refsource": "MISC",
"url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
},
{
"name": "1014159",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014159"
},
{
"name": "17248",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17248"
},
{
"name": "1014163",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014163"
},
{
"name": "1014164",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014164"
},
{
"name": "ADV-2005-0723",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0723"
},
{
"name": "15654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15654"
},
{
"name": "1014158",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014158"
},
{
"name": "1014160",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014160"
},
{
"name": "13925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13925"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4708",
"datePublished": "2006-02-02T11:00:00",
"dateReserved": "2006-02-02T00:00:00",
"dateUpdated": "2024-08-07T23:53:28.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}