ID CVE-2005-4708
Summary Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:captivate:*:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:captivate:*:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:contribute:2:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:contribute:2:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:contribute:3:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:contribute:3:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:director:*:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:director:*:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:dreamweaver:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:dreamweaver:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:elicensing:*:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:elicensing:*:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:fireworks:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:fireworks:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:*:*:pro:*:*:*:*:*
    cpe:2.3:a:adobe:flash_player:*:*:pro:*:*:*:*:*
  • cpe:2.3:a:adobe:freehand:mx:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:freehand:mx:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:studio:mx:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:studio:mx:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 19-10-2018 - 15:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 13925
bugtraq 20060131 Windows Access Control Demystified
cert-vn VU#953860
confirm http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html
misc http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
osvdb 17248
sectrack
  • 1014158
  • 1014159
  • 1014160
  • 1014161
  • 1014162
  • 1014163
  • 1014164
  • 1014165
  • 1014166
secunia 15654
vupen ADV-2005-0723
Last major update 19-10-2018 - 15:41
Published 31-12-2005 - 05:00
Last modified 19-10-2018 - 15:41
Back to Top