Creative Cloud Desktop installer Uncontrolled Search Path element could lead to arbitrary code execution
CVE-2021-28594

7.8HIGH

Key Information:

Vendor: Adobe
Status: Prelude
Vendor: CVE Published:; 24 August 2021

What is CVE-2021-28594?

Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected Version(s)

Prelude <= 2.4

Prelude <= unspecified

References

https://helpx.adobe.com/security/products/creative-cloud/...

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 24, 2021
Vulnerability Reserved
Mar 16, 2021