China National Vulnerability DatabaseCNVD-2022-15925Adobe Creative Cloud Desktop Uncontrolled Search Path Element Vulnerability
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
Adobe Creative Cloud Desktop Application is a suite of applications from Adobe for managing applications and services in the Creative Cloud Member Management Center. The application supports synchronizing and sharing files, managing fonts, and accessing a library of assets for commercial photography and design.Adobe Creative Cloud Desktop 2.7.0.13 and earlier versions are vulnerable to uncontrolled search path elements. An attacker could exploit the vulnerability to execute arbitrary code (the victim user must download the malicious DLL file, which needs to be in the same folder as the installer, making it a highly sophisticated attack vector).
| CPE | Name | Operator | Version |
|---|---|---|---|
| Adobe Creative Cloud Desktop <= 2. | eq | 7.0.13 |
Related
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P