CVE-2005-4708
First published: Sat Dec 31 2005(Updated: )
Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Contribute | =3 | |
| Adobe Dreamweaver | =9.0 | |
| Adobe Flash Player for Internet Explorer 11 | ||
| Adobe Fireworks | =9.0 | |
| Adobe Contribute | =2 | |
| Adobe FreeHand | =mx | |
| Adobe Director | ||
| Adobe eLicensing | ||
| Adobe studio | =mx | |
| Adobe Captivate | ||
| Adobe Flash Player for Internet Explorer 11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/15654
- http://securitytracker.com/id?1014158
- http://securitytracker.com/id?1014159
- http://securitytracker.com/id?1014160
- http://securitytracker.com/id?1014161
- http://securitytracker.com/id?1014162
- http://securitytracker.com/id?1014163
- http://securitytracker.com/id?1014164
- http://securitytracker.com/id?1014165
- http://securitytracker.com/id?1014166
- http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
- http://www.kb.cert.org/vuls/id/953860
- http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html
- http://www.osvdb.org/17248
- http://www.securityfocus.com/archive/1/423587/100/0/threaded
- http://www.securityfocus.com/bid/13925
- http://www.vupen.com/english/advisories/2005/0723
Frequently Asked Questions
What is the severity of CVE-2005-4708?
CVE-2005-4708 is considered a critical vulnerability due to its potential for local users to execute arbitrary code as Local System.
How do I fix CVE-2005-4708?
To fix CVE-2005-4708, ensure that the Macromedia Licensing Service is configured to restrict permissions properly and apply any available software updates from Adobe.
What products are affected by CVE-2005-4708?
CVE-2005-4708 affects Adobe Macromedia MX 2004 products, including Captivate, Contribute 2, Contribute 3, and several other Adobe software.
Can CVE-2005-4708 be exploited remotely?
CVE-2005-4708 is mainly an issue for local users, as it involves local privilege escalation rather than remote exploitation.
Is there a workaround for CVE-2005-4708?
A possible workaround for CVE-2005-4708 is to restrict local user permissions on the Macromedia Licensing Service until a patch is applied.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/adobe
- canonical/adobe contribute
- version/adobe contribute/3
- canonical/adobe dreamweaver
- version/adobe dreamweaver/9.0
- canonical/adobe flash player for internet explorer 11
- canonical/adobe fireworks
- version/adobe fireworks/9.0
- version/adobe contribute/2
- canonical/adobe freehand
- version/adobe freehand/mx
- canonical/adobe director
- canonical/adobe elicensing
- canonical/adobe studio
- version/adobe studio/mx
- canonical/adobe captivate