Vulnerability Description
The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Version Cue | gold |
| Apple | Mac Os X | 10.3.6 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-12/0040.html
- http://marc.info/?l=bugtraq&m=111627622403544&w=2
- http://secunia.com/advisories/13399
- http://securitytracker.com/id?1012446
- http://www.adobe.com/support/techdocs/331621.html
- http://www.osvdb.org/12297
- http://www.osvdb.org/12298
- http://www.securiteam.com/exploits/5EP0D20FQC.htmlExploit
- http://www.securityfocus.com/bid/11833
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18445
- http://archives.neohapsis.com/archives/bugtraq/2004-12/0040.html
- http://marc.info/?l=bugtraq&m=111627622403544&w=2
- http://secunia.com/advisories/13399
- http://securitytracker.com/id?1012446
- http://www.adobe.com/support/techdocs/331621.html
FAQ
What is CVE-2005-1307?
CVE-2005-1307 is a vulnerability with a CVSS score of 7.2 (HIGH). The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to exec...
How severe is CVE-2005-1307?
CVE-2005-1307 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1307?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Version Cue, Apple Mac Os X.