Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for Captivate by Adobe

    CVE-2021-36002 (GCVE-0-2021-36002)

    Vulnerability from nvd – Published: 2021-09-01 14:29 – Updated: 2024-09-16 23:05
    VLAI
    Title
    Adobe Captivate Installer Creation of Temporary File In Directory With Incorrect Permissions Could Lead To Privilege Escalation
    Summary
    Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer.
    CWE
    • CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Captivate Affected: unspecified , ≤ 11.5.5 (custom)
    Affected: unspecified , ≤ None (custom)
    Create a notification for this product.
    Date Public
    2021-08-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:47:43.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/captivate/apsb21-60.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Captivate",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "None",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim\u0027s machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-379",
                  "description": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-01T14:29:26.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpx.adobe.com/security/products/captivate/apsb21-60.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Captivate Installer Creation of Temporary File In Directory With Incorrect Permissions Could Lead To Privilege Escalation",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@adobe.com",
              "DATE_PUBLIC": "2021-08-17T23:00:00.000Z",
              "ID": "CVE-2021-36002",
              "STATE": "PUBLIC",
              "TITLE": "Adobe Captivate Installer Creation of Temporary File In Directory With Incorrect Permissions Could Lead To Privilege Escalation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Captivate",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "11.5.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "None"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "None"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "None"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adobe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim\u0027s machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "availabilityImpact": "None",
                "baseScore": 5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "userInteraction": "Required",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpx.adobe.com/security/products/captivate/apsb21-60.html",
                  "refsource": "MISC",
                  "url": "https://helpx.adobe.com/security/products/captivate/apsb21-60.html"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2021-36002",
        "datePublished": "2021-09-01T14:29:26.336Z",
        "dateReserved": "2021-06-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:31.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21011 (GCVE-0-2021-21011)

    Vulnerability from nvd – Published: 2021-01-13 22:40 – Updated: 2025-04-23 19:47
    VLAI
    Title
    Uncontrolled Search Path Element in Adobe Captivate 2019
    Summary
    Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element (CWE-427)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Captivate Affected: 11.5.1.499 and earlier
    Create a notification for this product.
    Date Public
    2021-01-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:23.087Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/captivate/apsb21-06.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-21011",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:20:30.318293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T19:47:19.884Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Captivate",
              "vendor": "Adobe",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5.1.499 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2021-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element (CWE-427)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-13T22:40:01.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpx.adobe.com/security/products/captivate/apsb21-06.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Uncontrolled Search Path Element in Adobe Captivate 2019",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@adobe.com",
              "DATE_PUBLIC": "2021-01-12T23:00:00.000Z",
              "ID": "CVE-2021-21011",
              "STATE": "PUBLIC",
              "TITLE": "Uncontrolled Search Path Element in Adobe Captivate 2019"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Captivate",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.5.1.499 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adobe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "High",
                "attackVector": "Local",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "userInteraction": "Required",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Search Path Element (CWE-427)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpx.adobe.com/security/products/captivate/apsb21-06.html",
                  "refsource": "CONFIRM",
                  "url": "https://helpx.adobe.com/security/products/captivate/apsb21-06.html"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2021-21011",
        "datePublished": "2021-01-13T22:40:01.701Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2025-04-23T19:47:19.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3098 (GCVE-0-2017-3098)

    Vulnerability from nvd – Published: 2017-06-20 17:00 – Updated: 2024-08-05 14:16
    VLAI
    Summary
    Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://helpx.adobe.com/security/products/captiva… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038657 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    n/a Adobe Captivate 9 and earlier. Affected: Adobe Captivate 9 and earlier.
    Date Public
    2017-06-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:27.845Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html"
              },
              {
                "name": "1038657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038657"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Adobe Captivate 9 and earlier.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Adobe Captivate 9 and earlier."
                }
              ]
            }
          ],
          "datePublic": "2017-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html"
            },
            {
              "name": "1038657",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038657"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@adobe.com",
              "ID": "CVE-2017-3098",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Adobe Captivate 9 and earlier.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Adobe Captivate 9 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html",
                  "refsource": "CONFIRM",
                  "url": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html"
                },
                {
                  "name": "1038657",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038657"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2017-3098",
        "datePublished": "2017-06-20T17:00:00.000Z",
        "dateReserved": "2016-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:16:27.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3087 (GCVE-0-2017-3087)

    Vulnerability from nvd – Published: 2017-06-20 17:00 – Updated: 2024-08-05 14:16
    VLAI
    Summary
    Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://helpx.adobe.com/security/products/captiva… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038657 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    n/a Adobe Captivate 9 and earlier. Affected: Adobe Captivate 9 and earlier.
    Date Public
    2017-06-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:27.729Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html"
              },
              {
                "name": "1038657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038657"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Adobe Captivate 9 and earlier.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Adobe Captivate 9 and earlier."
                }
              ]
            }
          ],
          "datePublic": "2017-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html"
            },
            {
              "name": "1038657",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038657"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@adobe.com",
              "ID": "CVE-2017-3087",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Adobe Captivate 9 and earlier.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Adobe Captivate 9 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html",
                  "refsource": "CONFIRM",
                  "url": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html"
                },
                {
                  "name": "1038657",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038657"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2017-3087",
        "datePublished": "2017-06-20T17:00:00.000Z",
        "dateReserved": "2016-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:16:27.729Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3191 (GCVE-0-2010-3191)

    Vulnerability from nvd – Published: 2010-08-31 19:25 – Updated: 2024-08-07 03:03
    VLAI
    Summary
    Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/41233 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2010-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:03:18.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:7470",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7470"
              },
              {
                "name": "41233",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41233"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:7470",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7470"
            },
            {
              "name": "41233",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41233"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-3191",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:7470",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7470"
                },
                {
                  "name": "41233",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/41233"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-3191",
        "datePublished": "2010-08-31T19:25:00.000Z",
        "dateReserved": "2010-08-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:03:18.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-4708 (GCVE-0-2005-4708)

    Vulnerability from nvd – Published: 2006-02-02 11:00 – Updated: 2024-08-07 23:53
    VLAI
    Summary
    Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1014162 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1014161 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1014165 vdb-entryx_refsource_SECTRACK
    http://www.macromedia.com/devnet/security/securit… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/423587/100… mailing-listx_refsource_BUGTRAQ
    http://www.kb.cert.org/vuls/id/953860 third-party-advisoryx_refsource_CERT-VN
    http://securitytracker.com/id?1014166 vdb-entryx_refsource_SECTRACK
    http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf x_refsource_MISC
    http://securitytracker.com/id?1014159 vdb-entryx_refsource_SECTRACK
    http://www.osvdb.org/17248 vdb-entryx_refsource_OSVDB
    http://securitytracker.com/id?1014163 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1014164 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2005/0723 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/15654 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1014158 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1014160 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/13925 vdb-entryx_refsource_BID
    Date Public
    2005-06-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:53:28.983Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1014162",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014162"
              },
              {
                "name": "1014161",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014161"
              },
              {
                "name": "1014165",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014165"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
              },
              {
                "name": "20060131 Windows Access Control Demystified",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
              },
              {
                "name": "VU#953860",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/953860"
              },
              {
                "name": "1014166",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014166"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
              },
              {
                "name": "1014159",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014159"
              },
              {
                "name": "17248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/17248"
              },
              {
                "name": "1014163",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014163"
              },
              {
                "name": "1014164",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014164"
              },
              {
                "name": "ADV-2005-0723",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/0723"
              },
              {
                "name": "15654",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15654"
              },
              {
                "name": "1014158",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014158"
              },
              {
                "name": "1014160",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014160"
              },
              {
                "name": "13925",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13925"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1014162",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014162"
            },
            {
              "name": "1014161",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014161"
            },
            {
              "name": "1014165",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014165"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
            },
            {
              "name": "20060131 Windows Access Control Demystified",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
            },
            {
              "name": "VU#953860",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/953860"
            },
            {
              "name": "1014166",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014166"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
            },
            {
              "name": "1014159",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014159"
            },
            {
              "name": "17248",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/17248"
            },
            {
              "name": "1014163",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014163"
            },
            {
              "name": "1014164",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014164"
            },
            {
              "name": "ADV-2005-0723",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/0723"
            },
            {
              "name": "15654",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15654"
            },
            {
              "name": "1014158",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014158"
            },
            {
              "name": "1014160",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014160"
            },
            {
              "name": "13925",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13925"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-4708",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1014162",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014162"
                },
                {
                  "name": "1014161",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014161"
                },
                {
                  "name": "1014165",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014165"
                },
                {
                  "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
                },
                {
                  "name": "20060131 Windows Access Control Demystified",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
                },
                {
                  "name": "VU#953860",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/953860"
                },
                {
                  "name": "1014166",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014166"
                },
                {
                  "name": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf",
                  "refsource": "MISC",
                  "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
                },
                {
                  "name": "1014159",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014159"
                },
                {
                  "name": "17248",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/17248"
                },
                {
                  "name": "1014163",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014163"
                },
                {
                  "name": "1014164",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014164"
                },
                {
                  "name": "ADV-2005-0723",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/0723"
                },
                {
                  "name": "15654",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15654"
                },
                {
                  "name": "1014158",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014158"
                },
                {
                  "name": "1014160",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014160"
                },
                {
                  "name": "13925",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/13925"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-4708",
        "datePublished": "2006-02-02T11:00:00.000Z",
        "dateReserved": "2006-02-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:53:28.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36002 (GCVE-0-2021-36002)

    Vulnerability from cvelistv5 – Published: 2021-09-01 14:29 – Updated: 2024-09-16 23:05
    VLAI
    Title
    Adobe Captivate Installer Creation of Temporary File In Directory With Incorrect Permissions Could Lead To Privilege Escalation
    Summary
    Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer.
    CWE
    • CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Captivate Affected: unspecified , ≤ 11.5.5 (custom)
    Affected: unspecified , ≤ None (custom)
    Create a notification for this product.
    Date Public
    2021-08-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:47:43.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/captivate/apsb21-60.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Captivate",
              "vendor": "Adobe",
              "versions": [
                {
                  "lessThanOrEqual": "11.5.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "None",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim\u0027s machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-379",
                  "description": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-01T14:29:26.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpx.adobe.com/security/products/captivate/apsb21-60.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Adobe Captivate Installer Creation of Temporary File In Directory With Incorrect Permissions Could Lead To Privilege Escalation",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@adobe.com",
              "DATE_PUBLIC": "2021-08-17T23:00:00.000Z",
              "ID": "CVE-2021-36002",
              "STATE": "PUBLIC",
              "TITLE": "Adobe Captivate Installer Creation of Temporary File In Directory With Incorrect Permissions Could Lead To Privilege Escalation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Captivate",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "11.5.5"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "None"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "None"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "None"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adobe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim\u0027s machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "availabilityImpact": "None",
                "baseScore": 5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "userInteraction": "Required",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpx.adobe.com/security/products/captivate/apsb21-60.html",
                  "refsource": "MISC",
                  "url": "https://helpx.adobe.com/security/products/captivate/apsb21-60.html"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2021-36002",
        "datePublished": "2021-09-01T14:29:26.336Z",
        "dateReserved": "2021-06-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:31.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-21011 (GCVE-0-2021-21011)

    Vulnerability from cvelistv5 – Published: 2021-01-13 22:40 – Updated: 2025-04-23 19:47
    VLAI
    Title
    Uncontrolled Search Path Element in Adobe Captivate 2019
    Summary
    Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element (CWE-427)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adobe Captivate Affected: 11.5.1.499 and earlier
    Create a notification for this product.
    Date Public
    2021-01-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:23.087Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/captivate/apsb21-06.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-21011",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-23T13:20:30.318293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-23T19:47:19.884Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Captivate",
              "vendor": "Adobe",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5.1.499 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2021-01-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element (CWE-427)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-13T22:40:01.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpx.adobe.com/security/products/captivate/apsb21-06.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Uncontrolled Search Path Element in Adobe Captivate 2019",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@adobe.com",
              "DATE_PUBLIC": "2021-01-12T23:00:00.000Z",
              "ID": "CVE-2021-21011",
              "STATE": "PUBLIC",
              "TITLE": "Uncontrolled Search Path Element in Adobe Captivate 2019"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Captivate",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "11.5.1.499 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adobe"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "High",
                "attackVector": "Local",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "userInteraction": "Required",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Uncontrolled Search Path Element (CWE-427)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpx.adobe.com/security/products/captivate/apsb21-06.html",
                  "refsource": "CONFIRM",
                  "url": "https://helpx.adobe.com/security/products/captivate/apsb21-06.html"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2021-21011",
        "datePublished": "2021-01-13T22:40:01.701Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2025-04-23T19:47:19.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3087 (GCVE-0-2017-3087)

    Vulnerability from cvelistv5 – Published: 2017-06-20 17:00 – Updated: 2024-08-05 14:16
    VLAI
    Summary
    Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://helpx.adobe.com/security/products/captiva… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038657 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    n/a Adobe Captivate 9 and earlier. Affected: Adobe Captivate 9 and earlier.
    Date Public
    2017-06-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:27.729Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html"
              },
              {
                "name": "1038657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038657"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Adobe Captivate 9 and earlier.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Adobe Captivate 9 and earlier."
                }
              ]
            }
          ],
          "datePublic": "2017-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html"
            },
            {
              "name": "1038657",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038657"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@adobe.com",
              "ID": "CVE-2017-3087",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Adobe Captivate 9 and earlier.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Adobe Captivate 9 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html",
                  "refsource": "CONFIRM",
                  "url": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html"
                },
                {
                  "name": "1038657",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038657"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2017-3087",
        "datePublished": "2017-06-20T17:00:00.000Z",
        "dateReserved": "2016-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:16:27.729Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3098 (GCVE-0-2017-3098)

    Vulnerability from cvelistv5 – Published: 2017-06-20 17:00 – Updated: 2024-08-05 14:16
    VLAI
    Summary
    Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    URL Tags
    https://helpx.adobe.com/security/products/captiva… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038657 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    n/a Adobe Captivate 9 and earlier. Affected: Adobe Captivate 9 and earlier.
    Date Public
    2017-06-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:27.845Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html"
              },
              {
                "name": "1038657",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038657"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Adobe Captivate 9 and earlier.",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Adobe Captivate 9 and earlier."
                }
              ]
            }
          ],
          "datePublic": "2017-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
            "shortName": "adobe"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html"
            },
            {
              "name": "1038657",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038657"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@adobe.com",
              "ID": "CVE-2017-3098",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Adobe Captivate 9 and earlier.",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Adobe Captivate 9 and earlier."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html",
                  "refsource": "CONFIRM",
                  "url": "https://helpx.adobe.com/security/products/captivate/apsb17-19.html"
                },
                {
                  "name": "1038657",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038657"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "assignerShortName": "adobe",
        "cveId": "CVE-2017-3098",
        "datePublished": "2017-06-20T17:00:00.000Z",
        "dateReserved": "2016-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:16:27.845Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3191 (GCVE-0-2010-3191)

    Vulnerability from cvelistv5 – Published: 2010-08-31 19:25 – Updated: 2024-08-07 03:03
    VLAI
    Summary
    Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/41233 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2010-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:03:18.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:7470",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7470"
              },
              {
                "name": "41233",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41233"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:7470",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7470"
            },
            {
              "name": "41233",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41233"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-3191",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:7470",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7470"
                },
                {
                  "name": "41233",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/41233"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-3191",
        "datePublished": "2010-08-31T19:25:00.000Z",
        "dateReserved": "2010-08-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:03:18.389Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-4708 (GCVE-0-2005-4708)

    Vulnerability from cvelistv5 – Published: 2006-02-02 11:00 – Updated: 2024-08-07 23:53
    VLAI
    Summary
    Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1014162 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1014161 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1014165 vdb-entryx_refsource_SECTRACK
    http://www.macromedia.com/devnet/security/securit… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/423587/100… mailing-listx_refsource_BUGTRAQ
    http://www.kb.cert.org/vuls/id/953860 third-party-advisoryx_refsource_CERT-VN
    http://securitytracker.com/id?1014166 vdb-entryx_refsource_SECTRACK
    http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf x_refsource_MISC
    http://securitytracker.com/id?1014159 vdb-entryx_refsource_SECTRACK
    http://www.osvdb.org/17248 vdb-entryx_refsource_OSVDB
    http://securitytracker.com/id?1014163 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1014164 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2005/0723 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/15654 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1014158 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1014160 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/13925 vdb-entryx_refsource_BID
    Date Public
    2005-06-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:53:28.983Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1014162",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014162"
              },
              {
                "name": "1014161",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014161"
              },
              {
                "name": "1014165",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014165"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
              },
              {
                "name": "20060131 Windows Access Control Demystified",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
              },
              {
                "name": "VU#953860",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/953860"
              },
              {
                "name": "1014166",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014166"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
              },
              {
                "name": "1014159",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014159"
              },
              {
                "name": "17248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/17248"
              },
              {
                "name": "1014163",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014163"
              },
              {
                "name": "1014164",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014164"
              },
              {
                "name": "ADV-2005-0723",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/0723"
              },
              {
                "name": "15654",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/15654"
              },
              {
                "name": "1014158",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014158"
              },
              {
                "name": "1014160",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1014160"
              },
              {
                "name": "13925",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/13925"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1014162",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014162"
            },
            {
              "name": "1014161",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014161"
            },
            {
              "name": "1014165",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014165"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
            },
            {
              "name": "20060131 Windows Access Control Demystified",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
            },
            {
              "name": "VU#953860",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/953860"
            },
            {
              "name": "1014166",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014166"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
            },
            {
              "name": "1014159",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014159"
            },
            {
              "name": "17248",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/17248"
            },
            {
              "name": "1014163",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014163"
            },
            {
              "name": "1014164",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014164"
            },
            {
              "name": "ADV-2005-0723",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/0723"
            },
            {
              "name": "15654",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/15654"
            },
            {
              "name": "1014158",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014158"
            },
            {
              "name": "1014160",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1014160"
            },
            {
              "name": "13925",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/13925"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-4708",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1014162",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014162"
                },
                {
                  "name": "1014161",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014161"
                },
                {
                  "name": "1014165",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014165"
                },
                {
                  "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html"
                },
                {
                  "name": "20060131 Windows Access Control Demystified",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"
                },
                {
                  "name": "VU#953860",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/953860"
                },
                {
                  "name": "1014166",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014166"
                },
                {
                  "name": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf",
                  "refsource": "MISC",
                  "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"
                },
                {
                  "name": "1014159",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014159"
                },
                {
                  "name": "17248",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/17248"
                },
                {
                  "name": "1014163",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014163"
                },
                {
                  "name": "1014164",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014164"
                },
                {
                  "name": "ADV-2005-0723",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/0723"
                },
                {
                  "name": "15654",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/15654"
                },
                {
                  "name": "1014158",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014158"
                },
                {
                  "name": "1014160",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1014160"
                },
                {
                  "name": "13925",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/13925"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-4708",
        "datePublished": "2006-02-02T11:00:00.000Z",
        "dateReserved": "2006-02-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:53:28.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }