Insecure Library Loading Vulnerability in Adobe Creative Cloud Desktop Application
CVE-2018-5003

7.8HIGH

Key Information:

Vendor
Adobe
Status
Adobe Creative Cloud Desktop Application Before 4.5.5.342
Vendor
CVE Published:
29 August 2018

Summary

The Adobe Creative Cloud Desktop Application prior to version 4.5.5.342 contains a vulnerability that allows insecure library loading, commonly referred to as DLL hijacking. This issue can be exploited by attackers to execute unofficial libraries, potentially leading to a privilege escalation scenario. Users are advised to update to the latest version to mitigate the risk associated with this vulnerability.

Affected Version(s)

Adobe Creative Cloud Desktop Application before 4.5.5.342 Adobe Creative Cloud Desktop Application before 4.5.5.342

References

http://www.securityfocus.com/bid/105065
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041469
vdb-entryx_refsource_SECTRACK
https://helpx.adobe.com/security/products/creative-cloud/...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.