Local Code Execution Vulnerability in Adobe Version Cue for Mac OS X
CVE-2005-1307

Currently unrated

Key Information:

Vendor: Adobe
Status: Version Cue
Vendor: CVE Published:; 17 May 2005

Summary

Adobe Version Cue on Mac OS X contains vulnerabilities within the stopserver.sh and startserver.sh scripts. These scripts leverage the current working directory to locate and run the productname.sh script. This design flaw allows local users to manipulate the execution process by placing malicious scripts in user-controlled directories, potentially leading to arbitrary code execution with elevated privileges.

References

http://secunia.com/advisories/13399

third-party-advisoryx_refsource_SECUNIA

http://www.adobe.com/support/techdocs/331621.html

x_refsource_CONFIRM

http://www.osvdb.org/12297

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
May 17, 2005
Vulnerability Reserved
Apr 27, 2005