Unquoted Search Path Vulnerability in Adobe Photoshop Products
CVE-2017-3005

7.8HIGH

Key Information:

Vendor
Adobe
Status
Adobe Photoshop Cc 2017 (18.0.1) And Earlier, Cc 2015.5.1 (17.0.1) And Earlier.
Vendor
CVE Published:
12 April 2017

Summary

Adobe Photoshop has a vulnerability that arises from an unquoted search path issue, which could potentially enable an attacker to execute arbitrary code. This flaw primarily affects versions CC 2017 (18.0.1) and earlier as well as CC 2015.5.1 (17.0.1) and earlier. Attackers could exploit the vulnerability by placing a malicious executable in a directory that is included in the search path, leading to execution of unauthorized code. Users of affected products should review their security configurations and apply mitigations as outlined in Adobe's security advisory.

Affected Version(s)

Adobe Photoshop CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier. Adobe Photoshop CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier.

References

http://www.securityfocus.com/bid/97553
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038229
vdb-entryx_refsource_SECTRACK
https://helpx.adobe.com/security/products/photoshop/apsb1...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.