Uncontrolled Search Path Element in AGSService.exe
CVE-2020-9667

6.5MEDIUM

Key Information:

Vendor: Adobe
Status: Gocart
Vendor: CVE Published:; 16 April 2021

Summary

Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.

Affected Version(s)

GoCart <= 6.6

GoCart <= unspecified

References

https://helpx.adobe.com/security/products/integrity_servi...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2021
Vulnerability Reserved
Mar 2, 2020