Lucene search

MitreCVE-2005-1307

HistoryMay 17, 2005 - 4:00 a.m.

CVE-2005-1307

2005-05-1704:00:00

mitre

web.nvd.nist.gov

adobe

version cue

mac os x

code execution

security vulnerability

cve-2005-1307

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

Percentile

0.4%

JSON

The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.

Affected configurations

Nvd

Node

adobeversion_cueMatchgoldmac_os_x

Node

applemac_os_xMatch10.3.6

VendorProductVersionCPE
adobeversion_cuegoldcpe:2.3:a:adobe:version_cue:gold:*:mac_os_x:*:*:*:*:*
applemac_os_x10.3.6cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	version_cue	gold	cpe:2.3:a:adobe:version_cue:gold::mac_os_x:::::
apple	mac_os_x	10.3.6	cpe:2.3:o:apple:mac_os_x:10.3.6:::::::*

References

archives.neohapsis.com/archives/bugtraq/2004-12/0040.html

marc.info/?l=bugtraq&m=111627622403544&w=2

secunia.com/advisories/13399

securitytracker.com/id?1012446

www.adobe.com/support/techdocs/331621.html

www.osvdb.org/12297

www.osvdb.org/12298

www.securiteam.com/exploits/5EP0D20FQC.html

www.securityfocus.com/bid/11833

exchange.xforce.ibmcloud.com/vulnerabilities/18445

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

Percentile

0.4%

JSON

Related for CVE-2005-1307