CVE-2020-24422

Adobe Creative Cloud Desktop Application (Windows) 5.2 and earlier, and 2.1 and earlier, is affected by an uncontrolled search path vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. A patch is avail...

CVE-2018-12829

Adobe Creative Cloud Desktop Application prior to version 4.6.1 contains an improper certificate validation vulnerability that could lead to privilege escalation. Affected product: Adobe Creative Cloud Desktop Application (Windows/macOS) with 4.6.0 and earlier. Root cause: improper certificate va...

CVE-2023-26358

The CVE-2023-26358 issue affects Adobe Creative Cloud Desktop (Windows) versions 5.9.1 and earlier, caused by an Untrusted Search Path that could let an attacker point the application to a malicious resource and execute arbitrary code. Descriptions consistently state local execution potential wit...

CVE-2016-6935

Adobe Creative Cloud Desktop on Windows is affected by CVE-2016-6935 due to an unquoted Windows search path in versions prior to 3.8.0.310, enabling local privilege escalation via a Trojan horse executable placed in the SYSTEMDRIVE root. The advisory APSB16-34 recommends updating to 3.8.0.310 to ...

CVE-2016-1034

The CVE-2016-1034 issue affects Adobe Creative Cloud Desktop (Windows/Mac) with the JavaScript API for Creative Cloud Libraries. The Sync Process in this API, prior to version 3.6.0.244 (and affected 3.5.x up to 3.5.1.209 on some entries), can be exploited to read or write arbitrary files on the ...

CVE-2016-4157

CVE-2016-4157 affects Adobe Creative Cloud Desktop Application for Windows prior to 3.7.0.272. The issue is an untrusted search path vulnerability in the installer , enabling local users to gain privileges via a Trojan horse resource in an unspecified directory. This CVE is part of a set describe...

CVE-2019-7093

CVE-2019-7093 affects Adobe Creative Cloud Desktop Application installer (Windows) versions 4.7.0.400 and earlier, due to insecure DLL loading (DLL hijacking) in the installer. Exploitation could lead to privilege escalation. Remediation: update to 4.8.0.410 or newer per APSB19-11. If details var...

CVE-2020-3808

Adobe Creative Cloud Desktop (Windows) is affected by CVE-2020-3808: a time‑of‑check to time‑of‑use (TOCTOU) race condition in versions 5.0 and earlier that can lead to arbitrary file deletion. The issue is documented in APSB20-11; a fix is available in 5.1.x (e.g., 5.1.0.407 as referenced by Nes...

CVE-2020-9669

CVE-2020-9669 affects Adobe Creative Cloud Desktop Application 5.1 and earlier. Root cause: lack of exploit mitigations enabling privilege escalation. Impact: could escalate privileges within the user context. Public details come from Adobe’s APSB20-33 advisory and related vendor/NVD entries. Rem...

CVE-2018-5003

Adobe Creative Cloud Desktop Application installer (Windows) prior to version 4.5.5.342 is affected by an insecure library loading (DLL hijacking) vulnerability (CVE-2018-5003). The root cause is DLL loading during installation, enabling privilege escalation if an attacker can place a malicious l...

CVE-2019-7958

CVE-2019-7958 affects Adobe Creative Cloud Desktop Application 4.6.1 and earlier. The NVD entry describes an insecure inherited permissions issue that could lead to privilege escalation, with a CVSS v3 impact of High/High/High (CRITICAL overall). Connected sources corroborate the affected product...

CVE-2019-7959

Adobe Creative Cloud Desktop Application (Windows/macOS)

CVE-2019-8063

Summary: CVE-2019-8063 affects Adobe Creative Cloud Desktop Application 4.6.1 and earlier, with an insecure transmission of sensitive data that could lead to information leakage. The issue is confirmed in multiple sources (NVD entry for CVE-2019-8063; Adobe APSB19-39 security update). Affected pr...

CVE-2019-7957

CVE-2019-7957 affects Adobe Creative Cloud Desktop Application versions 4.6.1 and earlier. The vulnerability is described as a security bypass with the stated impact of denial of service on successful exploitation. Connected sources also indicate APSB19-39 security updates for Windows and macOS, ...

CVE-2019-8236

Adobe Creative Cloud Desktop Application version 4.6.1 and earlier is affected by a Security Bypass vulnerability that can lead to privilege escalation in the context of the current user. Affected product/component: Creative Cloud Desktop Application on Windows/macOS ≤ 4.6.1.393. Root cause is a ...

CVE-2021-28581

Adobe Creative Cloud Desktop 3.5 and earlier is affected by an Uncontrolled Search Path vulnerability that can lead to local privilege escalation. The root cause is an uncontrolled search path element in the application's runtime, enabling a high-privilege context to be gained on the local machin...

CVE-2017-3006

CVE-2017-3006 affects Adobe Creative Cloud/Desktop (Adobe Thor) ≤ 3.9.5.353. Root cause: improper/resource-permission handling during the Creative Cloud desktop installation, enabling privilege escalation. Impact per sources: network-accessible vector with high confidentiality/integrity/availabil...

CVE-2018-4991

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable improper certificate validation vulnerability (CVE-2018-4991) that could lead to a security bypass. Affected product: Creative Cloud Desktop. Root cause: improper certificate validation. Impact: security b...

CVE-2017-3007

Adobe Creative Cloud Desktop (Windows) prior to 4.0.0.185 is affected by CVE-2017-3007 in Adobe Thor 3.9.5.353 and earlier, due to an insecure directory search path used to locate resources within Creative Cloud desktop applications. The issue is addressed by the APSB17-13 security update (and re...

CVE-2018-4992

Adobe Creative Cloud Desktop Application 4.4.1.298 and earlier is vulnerable to an improper input validation flaw (CVE-2018-4992) that could lead to local privilege escalation; CVE-2018-4991 and CVE-2018-4873 are related issues noted in the APSB18-12 advisory. The OpenVAS/NVD entries corroborate ...

CVE-2018-4873

CVE-2018-4873 affects Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier. The root cause is an unquoted search path, enabling local privilege escalation if exploited. Public sources describe this as an elevation of privilege vulnerability in Creative Cloud with potential impa...

CVE-2016-4158

Adobe Creative Cloud Desktop on Windows prior to 3.7.0.272 is affected by CVE-2016-4158 (unquoted Windows search path) allowing local privilege escalation via a Trojan horse executable in %SYSTEMDRIVE%. Related CVE-2016-4157 affects installer search paths. The issue is addressed by the APSB16-21 ...

CVE-2025-64896

CVE-2025-64896 affects Creative Cloud Desktop versions 6.4.0.361 and earlier. The vulnerability is a Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) that could cause application denial-of-service. Exploitation requires a user to open a malicious file, enabling local i...

CVE-2025-54271

CVE-2025-54271 affects Adobe Creative Cloud Desktop 6.7.0.278 and earlier. It is a Time-of-check Time-of-use (TOCTOU) race condition that could allow arbitrary file system writes by a low-privileged attacker, with no user interaction required. Connected sources (Red Hat, NVD, ENISA/EUVD, CNVD, et...