CVE-2005-1307
First published: Tue May 17 2005(Updated: )
The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Version Cue | =gold | |
| Apple Mac OS X | =10.3.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securiteam.com/exploits/5EP0D20FQC.html
- http://archives.neohapsis.com/archives/bugtraq/2004-12/0040.html
- http://www.adobe.com/support/techdocs/331621.html
- http://www.securityfocus.com/bid/11833
- http://www.osvdb.org/12297
- http://www.osvdb.org/12298
- http://securitytracker.com/id?1012446
- http://secunia.com/advisories/13399
- http://marc.info/?l=bugtraq&m=111627622403544&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18445
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/adobe
- canonical/adobe version cue
- version/adobe version cue/gold
- vendor/apple
- canonical/apple mac os x
- version/apple mac os x/10.3.6