Macromedia Security Bulletin MPSB05-04

Discussion in 'other security issues & news' started by NICK ADSL UK, Jun 10, 2005.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Post courtesy of Donna Buenaventura [Microsoft MVP]
    Potential Security Risk with Macromedia eLicensing Client Activation Code

    Summary

    Windows versions of the Macromedia installers and eLicensing client install a service with permissions that allow any member of the "Users" group to modify the service settings. This may allow local users to obtain the permissions of the "Local System" account.

    This potential vulnerability does not affect products installed on machines with a single user and it cannot be exploited remotely.

    Solution

    A hotfix can be downloaded from the Macromedia website to protect users of affected versions of Macromedia products, listed below.

    All future versions of Macromedia products will be unaffected by this issue.

    Affected Software Versions

    All versions of Macromedia MX 2004 products (Studio, Studio with Flash Professional, Flash Professional, Flash, FreeHand, Dreamweaver, Fireworks, and Director) as well as Captivate, Contribute 2, and Contribute 3 are affected.

    More info in http://www.macromedia.com/devnet/security/security_zone/mpsb05-04.html
     
Loading...
Thread Status:
Not open for further replies.