[Chachazz]

Security Bulletin
MPSB05-04 — Potential Security Risk with Macromedia eLicensing Client Activation Code

Originally posted: June 9, 2005
Summary

Windows versions of the Macromedia installers and eLicensing client install a service with permissions that allow any member of the "Users" group to modify the service settings. This may allow local users to obtain the permissions of the "Local System" account.

This potential vulnerability does not affect products installed on machines with a single user and it cannot be exploited remotely.
Solution

A hotfix can be downloaded from the Macromedia website to protect users of affected versions of Macromedia products, listed below.

All future versions of Macromedia products will be unaffected by this issue.
Affected Software Versions

All versions of Macromedia MX 2004 products (Studio, Studio with Flash Professional, Flash Professional, Flash, FreeHand, Dreamweaver, Fireworks, and Director) as well as Captivate, Contribute 2, and Contribute 3 are affected.
Severity Rating

Macromedia categorizes this issue as an important update and recommends that administrators of systems supporting multiple users apply the hotfix linked below.

More Info & Security Patch Download>>