SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Adobe Graphics Server Vendors:   Adobe Systems Incorporated
Adobe Graphics Server Interactive Login Configuration Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1015769
SecurityTracker URL:  http://securitytracker.com/id/1015769
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 15 2006
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0, 2.1
Description:   A vulnerability was reported in Adobe Graphics Server. A remote user can cause arbitrary code to be executed on the target system.

When configured according to vendor recommendations, a remote user may be able to cause arbitrary code to be executed on the target system. The remote user can load arbitrary code onto the server such that it will be executed the next time an interactive user login occurs.

The code will run with the privileges of the Adobe Server service account. On some systems, this may be System level privileges.

Only Windows-based systems are affected.

The vendor credits Secunia with reporting this vulnerability.

Impact:   A remote user can cause arbitrary code to be executed on the target system with the privileges with the Adobe Server service account.
Solution:   The vendor recommends following a manual hardening process as well as restricting interactive logins to the service account for the server (adbeserv) by using local security policies.

The vendor's advisory describes the service account restriction steps and is available at:

http://www.adobe.com/support/techdocs/332989.html

Vendor URL:  www.adobe.com/support/techdocs/332989.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC