CVE-2021-40776
Adobe Lightroom Classic DLL Hijacking Local Privilege Escalation Vulnerability
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability.
Adobe Lightroom Classic versiones 10.3 (y anteriores), están afectados por una vulnerabilidad de escalada de privilegios en el instalador de Lightroom Classic sin conexión. Un atacante autenticado podría aprovechar esta vulnerabilidad para escalar privilegios. Es requerida la interacción del usuario antes de la instalación del producto para abusar de esta vulnerabilidad
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-09-08 CVE Reserved
- 2022-06-15 CVE Published
- 2024-01-06 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-379: Creation of Temporary File in Directory with Insecure Permissions
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://helpx.adobe.com/security/products/lightroom/apsb21-97.html | 2022-11-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Lightroom Search vendor "Adobe" for product "Lightroom" | < 10.4 Search vendor "Adobe" for product "Lightroom" and version " < 10.4" | classic |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Lightroom Search vendor "Adobe" for product "Lightroom" | < 10.4 Search vendor "Adobe" for product "Lightroom" and version " < 10.4" | classic |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|