Published: 24/08/2005 Updated: 05/09/2008

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 215

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe version cue 1.0
adobe version cue 1.0.1

#!/usr/bin/perl # # Adobe Version Cue VCNative[OSX]: local root exploit # # by: vade79/v9 v9@fakehalous (fakehalo/realhalo) # # Adobe Version Cue's VCNative program writes data to a log file in # the current working directory while running as (setuid) root the # logfile is formated as <cwd>/VCNative-<pid>log, which is easily # pre ...

NVD-CWE-Other http://www.adobe.com/support/techdocs/327129.html http://secunia.com/advisories/16541 http://www.securityfocus.com/bid/14638 http://securitytracker.com/id?1014776 http://www.idefense.com/application/poi/display?id=297&type=vulnerabilities https://nvd.nist.gov https://www.exploit-db.com/exploits/1185/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-1842

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect