Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1842

4 documents4 sources

Severity

2.1LOW

EPSS

0.7%

top 27.49%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Adobe Version CUE

Timeline

PublishedAug 24

Latest updateMay 1

Description

VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDadobe/version_cue1.0, 1.0.1+1

Patches

Patch: secunia.com ↗Patch: www.adobe.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-p4wf-5f53-6vmw: VCNative for Adobe Version Cue 1↗2022-05-01

▶

CVEList

CVE-2005-1842: VCNative for Adobe Version Cue 1↗2005-08-24

▶

💥Exploits & PoCs

Exploit-DB

Adobe Version Cue 1.0/1.0.1 (OSX) - Local Privilege Escalation↗2005-08-30

▶