FKIE_CVE-2005-4708

Vulnerability from fkie_nvd - Published: 2005-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.
References
cve@mitre.orghttp://secunia.com/advisories/15654
cve@mitre.orghttp://securitytracker.com/id?1014158
cve@mitre.orghttp://securitytracker.com/id?1014159
cve@mitre.orghttp://securitytracker.com/id?1014160
cve@mitre.orghttp://securitytracker.com/id?1014161
cve@mitre.orghttp://securitytracker.com/id?1014162
cve@mitre.orghttp://securitytracker.com/id?1014163
cve@mitre.orghttp://securitytracker.com/id?1014164
cve@mitre.orghttp://securitytracker.com/id?1014165
cve@mitre.orghttp://securitytracker.com/id?1014166
cve@mitre.orghttp://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
cve@mitre.orghttp://www.kb.cert.org/vuls/id/953860US Government Resource
cve@mitre.orghttp://www.macromedia.com/devnet/security/security_zone/mpsb05-04.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/17248
cve@mitre.orghttp://www.securityfocus.com/archive/1/423587/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/13925
cve@mitre.orghttp://www.vupen.com/english/advisories/2005/0723
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/15654
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1014158
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1014159
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1014160
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1014161
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1014162
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1014163
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1014164
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1014165
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1014166
af854a3a-2127-422b-91ae-364da2661108http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/953860US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/17248
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/423587/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/13925
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/0723
Impacted products
Vendor Product Version
adobe captivate *
adobe contribute 2
adobe contribute 3
adobe director *
adobe dreamweaver 9.0
adobe elicensing *
adobe fireworks 9.0
adobe flash_player *
adobe flash_player *
adobe freehand mx
adobe studio mx
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:captivate:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62F9591A-A127-4302-97CE-722E492A8602",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:contribute:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CDB544B-76EC-49C0-94B1-E0035207A68D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:contribute:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F52C901F-914B-47A1-A160-CADF9DC899A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:director:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F6AC4F1-DE3D-4873-90BE-2AE1E3E60F3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:dreamweaver:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C183915-BF83-4446-90DF-3A2CE49BCE0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:elicensing:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9602D186-D707-484E-B31D-8C15D85EDC70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:fireworks:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D06FAD9-2CC0-4AAC-A2B5-6D118D00D7A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F901FB44-DC26-4284-B160-EE4A4F8F9DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:pro:*:*:*:*:*",
              "matchCriteriaId": "C01FF7CE-BAD6-4539-A457-DABE0F21895A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:freehand:mx:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BD6F32-57BE-4EB4-A2B8-043A8B28369C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:studio:mx:*:*:*:*:*:*:*",
              "matchCriteriaId": "3832577A-42EB-4C8F-878C-BFAF8479BAB4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System."
    }
  ],
  "id": "CVE-2005-4708",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/15654"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1014158"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1014159"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1014160"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1014161"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1014162"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1014163"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1014164"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1014165"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1014166"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/953860"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/17248"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/13925"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/0723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/15654"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1014158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1014159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1014160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1014161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1014162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1014163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1014164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1014165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1014166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/953860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/17248"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/13925"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/0723"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.