Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Macromedia Multiple Products Privilege Escalation Vulnerability

Mar 15, 2004 12:03AM PST

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
Macromedia Studio MX 2004
Macromedia Flash MX Professional 2004
Macromedia Flash MX 2004
Macromedia Fireworks MX 2004
Macromedia Dreamweaver MX 2004
Macromedia Contribute 2

DESCRIPTION:
Chris Irvine has discovered a vulnerability in Macromedia MX 2004
products, which can be exploited by malicious, local users to
escalate their privileges.

The problem is that the setuid root file "Library/Application
Support/Macrovision/AuthenticationService" is writable by "other".
This can be exploited to execute arbitrary code with the privileges
of a user using the affected products by overwriting the file.

The vulnerability affect Macromedia MX 2004 products and Contribute 2
running on the Mac OS X platform.

SOLUTION:
Apply updates.

English:
http://download.macromedia.com/pub/updates/licensing/hotfix/osx_upgrades_1_039en.dmg

http://secunia.com/advisories/11123/

Discussion is locked