Lucene search

[email protected]CVE-2005-1307

HistoryMay 17, 2005 - 4:00 a.m.

CVE-2005-1307

2005-05-1704:00:00

[email protected]

web.nvd.nist.gov

adobe

version cue

mac os x

code execution

security vulnerability

cve-2005-1307

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.

Affected configurations

NVD

Node

adobeversion_cueMatchgoldmac_os_x

Node

applemac_os_xMatch10.3.6

CPENameOperatorVersion
adobe:version_cueadobe version cueeqgold

CPE	Name	Operator	Version
adobe:version_cue	adobe version cue	eq	gold

References

archives.neohapsis.com/archives/bugtraq/2004-12/0040.html

marc.info/?l=bugtraq&m=111627622403544&w=2

secunia.com/advisories/13399

securitytracker.com/id?1012446

www.adobe.com/support/techdocs/331621.html

www.osvdb.org/12297

www.osvdb.org/12298

www.securiteam.com/exploits/5EP0D20FQC.html

www.securityfocus.com/bid/11833

exchange.xforce.ibmcloud.com/vulnerabilities/18445

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2005-1307

nvd1 cvelist1