Adobe Creative Cloud AdobeExtensionService.exe local privilege escalation vulnerability
CVE-2023-26358

7.8HIGH

Key Information:

Vendor: Adobe
Status: Creative Cloud (desktop component)
Vendor: CVE Published:; 22 March 2023

Summary

The Adobe Creative Cloud application is susceptible to an Untrusted Search Path vulnerability, which could allow attackers to execute malicious programs by manipulating the search path for critical resources. An attacker could direct the application to execute their own files instead of the legitimate ones, potentially leading to unauthorized access to sensitive information or modifications of critical application configurations. This issue poses significant risks to users as it affects the integrity and security of the software's environment.

Affected Version(s)

Creative Cloud (desktop component) <= 5.9.1

Creative Cloud (desktop component) <= unspecified

References

https://helpx.adobe.com/security/products/creative-cloud/...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 22, 2023
Vulnerability Reserved
Feb 22, 2023