VAR-200505-1230

Vulnerability from variot - Updated: 2025-04-03 22:33

The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. A local privilege escalation vulnerability reportedly affects Adobe Version Cue. This issue is due to a failure of the application to validate its environment, allowing an attacker to run arbitrary script code. It should be noted that this issue reportedly only affects Adobe Version Cue on Mac OS X platforms. An attacker may exploit this issue to have arbitrary scripts run with superuser privileges. This will facilitate privileges escalation

Show details on source website
To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200505-1230",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "version cue",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "adobe",
        "version": "gold"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.3.6"
      },
      {
        "model": "version cue",
        "scope": null,
        "trust": 0.3,
        "vendor": "adobe",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "11833"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1090"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1307"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "fintler",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1090"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-1307",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2005-1307",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-12516",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2005-1307",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200505-1090",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-12516",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1090"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1307"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. A local privilege escalation vulnerability reportedly affects Adobe Version Cue.  This issue is due to a failure of the application to validate its environment, allowing an attacker to run arbitrary script code. \nIt should be noted that this issue reportedly only affects Adobe Version Cue on Mac OS X platforms. \nAn attacker may exploit this issue to have arbitrary scripts run with superuser privileges.  This will facilitate privileges escalation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1307"
      },
      {
        "db": "BID",
        "id": "11833"
      },
      {
        "db": "VULHUB",
        "id": "VHN-12516"
      }
    ],
    "trust": 1.26
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-12516",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12516"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "11833",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1012446",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "13399",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1307",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "12297",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "12298",
        "trust": 1.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20050516 MAC OS X - ADOBE VERSION CUE LOCAL ROOT EXPLOIT [C VERSION EXPLOIT]",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20041206 LOCAL ROOT EXPLOIT ON MAC OS X WITH ADOBE VERSION CUE",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "18445",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1090",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "680",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-62939",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-12516",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12516"
      },
      {
        "db": "BID",
        "id": "11833"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1090"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1307"
      }
    ]
  },
  "id": "VAR-200505-1230",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12516"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:33:03.115000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-1307"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/11833"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2004-12/0040.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.adobe.com/support/techdocs/331621.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securiteam.com/exploits/5ep0d20fqc.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/12297"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/12298"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1012446"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/13399"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18445"
      },
      {
        "trust": 1.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=111627622403544\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=111627622403544\u0026w=2"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/18445"
      },
      {
        "trust": 0.3,
        "url": "http://www.adobe.com/products/creativesuite/versioncue.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/383548"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=111627622403544\u0026amp;w=2"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-12516"
      },
      {
        "db": "BID",
        "id": "11833"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1090"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1307"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-12516"
      },
      {
        "db": "BID",
        "id": "11833"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1090"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-1307"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-05-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12516"
      },
      {
        "date": "2004-12-07T00:00:00",
        "db": "BID",
        "id": "11833"
      },
      {
        "date": "2005-05-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200505-1090"
      },
      {
        "date": "2005-05-17T04:00:00",
        "db": "NVD",
        "id": "CVE-2005-1307"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-12516"
      },
      {
        "date": "2004-12-07T00:00:00",
        "db": "BID",
        "id": "11833"
      },
      {
        "date": "2005-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200505-1090"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2005-1307"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "11833"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1090"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adobe Version Cue Local privilege vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1090"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "11833"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200505-1090"
      }
    ],
    "trust": 0.9
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.