Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Potential Security Risk with Macromedia E-Licensing Client Activation Code

Mar 12, 2004 5:08PM PST

Summary:

Macintosh versions of the Macromedia installers and
e-licensing client install a service whose file permissions allow "other" users to write to the file. This may allow one local user to obtain the permissions of another local user (including an admin user). This leads to a threat typically classified as Privilege Escalation.

This potential vulnerability affects only products installed on machines with multiple users. Further, it does not appear to be a threat under typical installation of Macromedia products where the computer's only user is already considered the administrator.

~~~~~~~

Solution:

A patch can be downloaded from the Macromedia website to protect users of current versions of Macromedia products:

http://www.macromedia.com/go/DMJL_AAAZ

Alternatively, a work-around is described in the "Making the Changes" section of this bulletin.

~~~~~~~

Affected Software Versions:

All supported Macintosh versions of Macromedia MX 2004
products as well as Contribute 2 may be affected.

http://www.securityfocus.com/advisories/6449

Discussion is locked