var-200505-1230
Vulnerability from variot
The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. A local privilege escalation vulnerability reportedly affects Adobe Version Cue. This issue is due to a failure of the application to validate its environment, allowing an attacker to run arbitrary script code. It should be noted that this issue reportedly only affects Adobe Version Cue on Mac OS X platforms. An attacker may exploit this issue to have arbitrary scripts run with superuser privileges. This will facilitate privileges escalation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-1230",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "version cue",
"scope": "eq",
"trust": 1.6,
"vendor": "adobe",
"version": "gold"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.3.6"
},
{
"model": "version cue",
"scope": null,
"trust": 0.3,
"vendor": "adobe",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "11833"
},
{
"db": "NVD",
"id": "CVE-2005-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:version_cue:gold:*:mac_os_x:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1307"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "fintler",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1090"
}
],
"trust": 0.6
},
"cve": "CVE-2005-1307",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-12516",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1307",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-1090",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-12516",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12516"
},
{
"db": "NVD",
"id": "CVE-2005-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. A local privilege escalation vulnerability reportedly affects Adobe Version Cue. This issue is due to a failure of the application to validate its environment, allowing an attacker to run arbitrary script code. \nIt should be noted that this issue reportedly only affects Adobe Version Cue on Mac OS X platforms. \nAn attacker may exploit this issue to have arbitrary scripts run with superuser privileges. This will facilitate privileges escalation",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1307"
},
{
"db": "BID",
"id": "11833"
},
{
"db": "VULHUB",
"id": "VHN-12516"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-12516",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12516"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "11833",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1012446",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "13399",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2005-1307",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "12297",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "12298",
"trust": 1.7
},
{
"db": "BUGTRAQ",
"id": "20050516 MAC OS X - ADOBE VERSION CUE LOCAL ROOT EXPLOIT [C VERSION EXPLOIT]",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20041206 LOCAL ROOT EXPLOIT ON MAC OS X WITH ADOBE VERSION CUE",
"trust": 0.6
},
{
"db": "XF",
"id": "18445",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1090",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "680",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-62939",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-12516",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12516"
},
{
"db": "BID",
"id": "11833"
},
{
"db": "NVD",
"id": "CVE-2005-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1090"
}
]
},
"id": "VAR-200505-1230",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12516"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:35:43.651000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1307"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/11833"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-12/0040.html"
},
{
"trust": 1.7,
"url": "http://www.adobe.com/support/techdocs/331621.html"
},
{
"trust": 1.7,
"url": "http://www.securiteam.com/exploits/5ep0d20fqc.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/12297"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/12298"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1012446"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/13399"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18445"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=111627622403544\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=111627622403544\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/18445"
},
{
"trust": 0.3,
"url": "http://www.adobe.com/products/creativesuite/versioncue.html"
},
{
"trust": 0.3,
"url": "/archive/1/383548"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=111627622403544\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12516"
},
{
"db": "BID",
"id": "11833"
},
{
"db": "NVD",
"id": "CVE-2005-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12516"
},
{
"db": "BID",
"id": "11833"
},
{
"db": "NVD",
"id": "CVE-2005-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-17T00:00:00",
"db": "VULHUB",
"id": "VHN-12516"
},
{
"date": "2004-12-07T00:00:00",
"db": "BID",
"id": "11833"
},
{
"date": "2005-05-17T04:00:00",
"db": "NVD",
"id": "CVE-2005-1307"
},
{
"date": "2005-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-12516"
},
{
"date": "2004-12-07T00:00:00",
"db": "BID",
"id": "11833"
},
{
"date": "2017-07-11T01:32:36.890000",
"db": "NVD",
"id": "CVE-2005-1307"
},
{
"date": "2005-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-1090"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "11833"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1090"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Version Cue Local privilege vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-1090"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "11833"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-1090"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.