cnvd - cnvd-2018-07045

cnvd-2018-07045

Vulnerability from cnvd

Title: Adobe Dreamweaver任意代码执行漏洞

Description:

Adobe Dreamweaver，简称“DW”，是集网页制作和管理网站于一身的所见即所得网页代码编辑器。Adobe Dreamweaver使用所见即所得的接口，亦有HTML（标准通用标记语言下的一个应用）编辑的功能，借助经过简化的智能编码引擎，轻松地创建、编码和管理动态网站。

Adobe Dreamweaver存在任意代码执行漏洞，该漏洞是由于URI处理程序中的缺陷所致，攻击者可利用该漏洞执行任意代码。

Severity: 高

Patch Name: Adobe Dreamweaver任意代码执行漏洞的补丁

Patch Description:

Adobe Dreamweaver存在任意代码执行漏洞，该漏洞是由于URI处理程序中的缺陷所致，攻击者可利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html

Reference: https://securitytracker.com/id/1040516

Impacted products

Name
Adobe Dreamweaver CC <=18.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4924"
    }
  },
  "description": "Adobe Dreamweaver\uff0c\u7b80\u79f0\u201cDW\u201d\uff0c\u662f\u96c6\u7f51\u9875\u5236\u4f5c\u548c\u7ba1\u7406\u7f51\u7ad9\u4e8e\u4e00\u8eab\u7684\u6240\u89c1\u5373\u6240\u5f97\u7f51\u9875\u4ee3\u7801\u7f16\u8f91\u5668\u3002Adobe Dreamweaver\u4f7f\u7528\u6240\u89c1\u5373\u6240\u5f97\u7684\u63a5\u53e3\uff0c\u4ea6\u6709HTML\uff08\u6807\u51c6\u901a\u7528\u6807\u8bb0\u8bed\u8a00\u4e0b\u7684\u4e00\u4e2a\u5e94\u7528\uff09\u7f16\u8f91\u7684\u529f\u80fd\uff0c\u501f\u52a9\u7ecf\u8fc7\u7b80\u5316\u7684\u667a\u80fd\u7f16\u7801\u5f15\u64ce\uff0c\u8f7b\u677e\u5730\u521b\u5efa\u3001\u7f16\u7801\u548c\u7ba1\u7406\u52a8\u6001\u7f51\u7ad9\u3002\r\n\r\nAdobe Dreamweaver\u5b58\u5728\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eURI\u5904\u7406\u7a0b\u5e8f\u4e2d\u7684\u7f3a\u9677\u6240\u81f4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Adobe",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-07045",
  "openTime": "2018-04-04",
  "patchDescription": "Adobe Dreamweaver\uff0c\u7b80\u79f0\u201cDW\u201d\uff0c\u662f\u96c6\u7f51\u9875\u5236\u4f5c\u548c\u7ba1\u7406\u7f51\u7ad9\u4e8e\u4e00\u8eab\u7684\u6240\u89c1\u5373\u6240\u5f97\u7f51\u9875\u4ee3\u7801\u7f16\u8f91\u5668\u3002Adobe Dreamweaver\u4f7f\u7528\u6240\u89c1\u5373\u6240\u5f97\u7684\u63a5\u53e3\uff0c\u4ea6\u6709HTML\uff08\u6807\u51c6\u901a\u7528\u6807\u8bb0\u8bed\u8a00\u4e0b\u7684\u4e00\u4e2a\u5e94\u7528\uff09\u7f16\u8f91\u7684\u529f\u80fd\uff0c\u501f\u52a9\u7ecf\u8fc7\u7b80\u5316\u7684\u667a\u80fd\u7f16\u7801\u5f15\u64ce\uff0c\u8f7b\u677e\u5730\u521b\u5efa\u3001\u7f16\u7801\u548c\u7ba1\u7406\u52a8\u6001\u7f51\u7ad9\u3002\r\n\r\nAdobe Dreamweaver\u5b58\u5728\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eURI\u5904\u7406\u7a0b\u5e8f\u4e2d\u7684\u7f3a\u9677\u6240\u81f4\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Dreamweaver\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Adobe Dreamweaver CC \u003c=18.0"
  },
  "referenceLink": "https://securitytracker.com/id/1040516",
  "serverity": "\u9ad8",
  "submitTime": "2018-03-14",
  "title": "Adobe Dreamweaver\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2018-4924 (GCVE-0-2018-4924)

Vulnerability from cvelistv5

Published

2018-05-19 17:00

Modified

2024-08-05 05:18

Severity ?

CWE

OS Command Injection

Summary

Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

References

▼	URL	Tags
	https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html	x_refsource_MISC
	http://www.securityfocus.com/bid/103395	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1040516	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Adobe Dreamweaver CC 18.0 and earlier versions	Version: Adobe Dreamweaver CC 18.0 and earlier versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:18:26.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html"
          },
          {
            "name": "103395",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103395"
          },
          {
            "name": "1040516",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040516"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Adobe Dreamweaver CC 18.0 and earlier versions",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Adobe Dreamweaver CC 18.0 and earlier versions"
            }
          ]
        }
      ],
      "datePublic": "2018-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-20T09:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html"
        },
        {
          "name": "103395",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103395"
        },
        {
          "name": "1040516",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040516"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2018-4924",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Adobe Dreamweaver CC 18.0 and earlier versions",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Adobe Dreamweaver CC 18.0 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html",
              "refsource": "MISC",
              "url": "https://helpx.adobe.com/security/products/dreamweaver/apsb18-07.html"
            },
            {
              "name": "103395",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103395"
            },
            {
              "name": "1040516",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040516"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2018-4924",
    "datePublished": "2018-05-19T17:00:00",
    "dateReserved": "2018-01-03T00:00:00",
    "dateUpdated": "2024-08-05T05:18:26.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted