Bulletin ID
Security update available for Adobe Creative Cloud Desktop Application | APSB21-41
|
Date Published |
Priority |
---|---|---|
ASPB21-41 |
June 08, 2021 |
3 |
Summary
Affected versions
Product |
Affected version |
Platform |
Creative Cloud Desktop Application (Installer) |
2.4 and earlier version |
Windows and macOS |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
Product |
Updated version |
Platform |
Priority rating |
Availability |
Creative Cloud Desktop Application (installer) |
2.5 |
Windows and macOS |
3 |
Vulnerability Details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
---|---|---|---|---|---|
Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) |
Arbitrary file system write |
Important |
6.1 |
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-28633 |
Uncontrolled Search Path Element (CWE-427) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-28594 |
Acknowledgments
Adobe would like to thank the following for reporting this issue and for working with Adobe to help protect our customers.
- CQY of Topsec Alpha Team (yjdfy) (CVE-2021-28633)
- Dhiraj Mishra (CVE-2021-28594)
Revisions
June 15, 2021: Updated CVSS base score and CVSS vector for CVE-2021-28633.
For more information, visit https://helpx.adobe.com/security.html , or email PSIRT@adobe.com