New Search

Multiple vulnerabilities on Creative Cloud Desktop Application version 5.3 (and earlier)

oval:org.cisecurity:def:8929

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction. (CVE-2021-21068) Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction. (CVE-2021-21078) Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. (CVE-2021-21069 CVE-2021-28547)

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
  • Microsoft Windows Server 2019
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012 R2
Class:
vulnerability
Reference(s):
  • ASPB21-18
  • CVE-2021-21068
  • CVE-2021-21078
  • CVE-2021-21069
  • CVE-2021-28547
Product(s):
  • Adobe Creative Cloud