All the vulnerabilites related to X1a0He - Adobe Downloader
cve-2024-12786
Vulnerability from cvelistv5
Published
2024-12-19 15:00
Modified
2024-12-20 20:18
Severity ?
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.288966 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.288966 | signature, permissions-required | |
https://vuldb.com/?submit.464685 | third-party-advisory | |
https://winslow1984.com/books/cve-collection/page/adobe-downloader-131-local-privilege-escalation | exploit |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | X1a0He | Adobe Downloader |
Version: 1.3.0 Version: 1.3.1 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12786", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-20T20:18:03.302209Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-20T20:18:23.612Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "modules": [ "XPC Service" ], "product": "Adobe Downloader", "vendor": "X1a0He", "versions": [ { "status": "affected", "version": "1.3.0" }, { "status": "affected", "version": "1.3.1" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "winslow1984 (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe." }, { "lang": "de", "value": "Es wurde eine Schwachstelle in X1a0He Adobe Downloader bis 1.3.1 f\u00fcr macOS gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion shouldAcceptNewConnection der Datei com.x1a0he.macOS.Adobe-Downloader.helper der Komponente XPC Service. Durch das Manipulieren mit unbekannten Daten kann eine improper privilege management-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.8, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "Improper Privilege Management", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-266", "description": "Incorrect Privilege Assignment", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-19T15:00:22.547Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-288966 | X1a0He Adobe Downloader XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection privileges management", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.288966" }, { "name": "VDB-288966 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.288966" }, { "name": "Submit #464685 | https://github.com/X1a0He Adobe-Downloader \u003c= 1.3.1 Local Privilege Escalation", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.464685" }, { "tags": [ "exploit" ], "url": "https://winslow1984.com/books/cve-collection/page/adobe-downloader-131-local-privilege-escalation" } ], "timeline": [ { "lang": "en", "time": "2024-12-19T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-12-19T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-12-19T09:26:20.000Z", "value": "VulDB entry last update" } ], "title": "X1a0He Adobe Downloader XPC Service com.x1a0he.macOS.Adobe-Downloader.helper shouldAcceptNewConnection privileges management" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-12786", "datePublished": "2024-12-19T15:00:22.547Z", "dateReserved": "2024-12-19T08:20:09.032Z", "dateUpdated": "2024-12-20T20:18:23.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }