[NEWS] Adobe License Management Service Vulnerability

From: SecuriTeam (support_at_securiteam.com)
Date: 06/20/05

  • Next message: SecuriTeam: "[NEWS] Cisco 802.1x Voice-Enabled Interfaces Allow Anonymous Voice VLAN Access"
    To: list@securiteam.com
    Date: 20 Jun 2005 10:24:39 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Adobe License Management Service Vulnerability
    ------------------------------------------------------------------------

    SUMMARY

    A vulnerability within the Adobe License Management Service has been
    identified. The vulnerability exists due to a flaw in the installation of
    the License Management Service, which can lead to an unauthorized person
    gaining access to the user's computer. The Adobe License Management
    Service is installed with various Adobe products that require product
    activation.

    DETAILS

    Recommendations:
    Adobe recommends that all customers who purchased Adobe Photoshop CS,
    Adobe Creative Suite, or Adobe Premiere Pro 1.5 through the retail channel
    apply the Adobe License Management Service update (see the "Instructions"
    section) as a proactive measure.

    Customers using the latest version of Photoshop (version CS2) or Adobe
    Creative Suite (version CS2) are not exposed to this vulnerability and do
    not need to apply this update.

    Further, this update is applicable to products mentioned above on the
    Windows OS platform only.

    Caveat:
    If you reinstall the affected products from their original media, rerun
    the update after you reinstall the software.

    Instructions:
    1. Download the Adobe License Management Service update from
    <http://www.adobe.com/support/downloads/detail.jsp?ftpID=2955>
    http://www.adobe.com/support/downloads/detail.jsp?ftpID=2955.

    2. Quit all Adobe applications.

    3. Extract the downloaded almupd.zip file, and then double-click the
    almupd.exe file.

    4. Follow the on-screen instructions.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:psirt@adobe.com> Adobe
    PSIRT.
    The original article can be found at:
    <http://www.adobe.com/support/techdocs/331688.html>
    http://www.adobe.com/support/techdocs/331688.html

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


  • Next message: SecuriTeam: "[NEWS] Cisco 802.1x Voice-Enabled Interfaces Allow Anonymous Voice VLAN Access"

    Relevant Pages

    • [NT] Multiple Vendor NOS Microsystems getPlus Downloader Stack Buffer Overflow Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... download, install, and update other software through the browser. ... Adobe uses this control ... for web based installations of Adobe Reader. ...
      (Securiteam)
    • [EXPL] Adobe Version Cue VCNative Symlink Attack (Exploit)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Version Cue is a software version tracking system for Adobe products ... within a short period of time crontab will overwrite ...
      (Securiteam)
    • [NEWS] Mac OS X / Adobe Version Cue Local Root
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... A vulnerability in Mac OS X when its bundled with Adobe Version Cue allows ... haven:~ fintler$ id ...
      (Securiteam)
    • [EXPL] Adobe Version Cue VCNative Privileges Escalation (Exploit)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Version Cue is a software version tracking system for Adobe products ... Adobe Version Cue VCNative, the following exploit code can be used to test ...
      (Securiteam)