The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe version cue gold |
||
apple mac os x 10.3.6 |