9.4 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:C/A:N
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.288 Low
EPSS
Percentile
96.9%
The version of Adobe Creative Cloud installed on the remote Windows host is prior or equal to 3.5.1.209. It is, therefore, affected by a flaw in the JavaScript API for Creative Cloud Libraries due to an exposed service. An unauthenticated, remote attacker can exploit this to read or write arbitrary files on the host file system.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(91386);
script_version("1.7");
script_cvs_date("Date: 2019/11/19");
script_cve_id("CVE-2016-1034");
script_bugtraq_id(86001);
script_xref(name:"ZDI", value:"ZDI-16-235");
script_name(english:"Adobe Creative Cloud <= 3.5.1.209 Arbitrary File Read/Write Vulnerability");
script_summary(english:"Checks the version of Creative Cloud.");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by an
arbitrary file read/write vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Adobe Creative Cloud installed on the remote Windows
host is prior or equal to 3.5.1.209. It is, therefore, affected by a
flaw in the JavaScript API for Creative Cloud Libraries due to an
exposed service. An unauthenticated, remote attacker can exploit this
to read or write arbitrary files on the host file system.");
script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/creative-cloud/apsb16-11.html");
script_set_attribute(attribute:"see_also", value:"http://www.zerodayinitiative.com/advisories/ZDI-16-235/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Creative Cloud version 3.6.0.244 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1034");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/12");
script_set_attribute(attribute:"patch_publication_date", value:"2016/04/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/31");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:creative_cloud");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("adobe_creative_cloud_installed.nbin");
script_require_keys("installed_sw/Adobe Creative Cloud");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
app = 'Adobe Creative Cloud';
# Pull the installation information from the KB.
install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
path = install['path'];
version = install['version'];
# For Adobe products, we compare the highest affected product, rather
# than the "fixed" version, as there is an ambiguous gap between what
# is considered affected and the fix.
highest_affected = "3.5.1.209";
fix = "3.6.0.244";
if (ver_compare(ver:version, fix:highest_affected, strict:FALSE) <= 0)
{
port = get_kb_item("SMB/transport");
if (isnull(port))
port = 445;
items = make_array("Installed version", version,
"Fixed version", fix,
"Path", path
);
order = make_list("Path", "Installed version", "Fixed version");
report = report_items_str(report_items:items, ordered_fields:order);
security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
exit(0);
}
else
audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | creative_cloud | cpe:/a:adobe:creative_cloud |
9.4 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:C/A:N
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.288 Low
EPSS
Percentile
96.9%