PT-2004-3229 · Macromedia+1 · Director+7

Published

2004-12-31

Updated

2017-07-11

CVE-2004-2335

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio (affected versions not specified)

Description: The issue concerns the Macromedia installers and e-licensing client on Mac OS X. It allows local users to gain privileges by modifying the AuthenticationService program, which is installed setuid and is writable by other users.

Recommendations: For the affected Macromedia products, consider restricting access to the AuthenticationService program until a fix is available. As a temporary workaround, consider disabling the setuid bit on the AuthenticationService program to prevent unauthorized modifications. Restrict write access to the AuthenticationService program to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-2335

Affected Products

Authenticationservice

Director

Dreamweaver

Fireworks

Flash

Macos X

Macromedia Contribute

Studio

PT-2004-3229 · Macromedia+1 · Director+7

CVE-2004-2335

Related Identifiers

Affected Products

References · 5