| |
Vulnerability CVE-2004-2335
Published: 2004-12-31 Modified: 2012-02-12
| Description: |
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program. |
CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
7.2/10 |
10/10 |
3.9/10 |
| Exploit range |
Attack complexity |
Authentication |
Local |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
http://xforce.iss.net/xforce/xfdb/15465
http://www.securityfocus.com/bid/9862
http://www.macromedia.com/devnet/security/security_zone/mpsb04-03.html
http://secunia.com/advisories/11123
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
