CVE-2004-2335

Name of the Vulnerable Software and Affected Versions: Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio (affected versions not specified)

Description: The issue concerns the Macromedia installers and e-licensing client on Mac OS X. It allows local users to gain privileges by modifying the AuthenticationService program, which is installed setuid and is writable by other users.

Recommendations: For the affected Macromedia products, consider restricting access to the AuthenticationService program until a fix is available. As a temporary workaround, consider disabling the setuid bit on the AuthenticationService program to prevent unauthorized modifications. Restrict write access to the AuthenticationService program to minimize the risk of exploitation.