CVE-2022-23202
Adobe Creative Cloud Desktop Uncontrolled Search Path Element Arbitrary code execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must download a malicious DLL file. The attacker has to deliver the DLL on the same folder as the installer which makes it as a high complexity attack vector.
Adobe Creative Cloud Desktop versiones 2.7.0.13 (y anteriores), está afectada por una vulnerabilidad de Elemento de Ruta de Búsqueda no Controlada que podría resultar en una ejecución de código arbitrario en el contexto del usuario actual. Es requerida una interacción del usuario para explotar este problema, ya que la víctima debe descargar un archivo DLL malicioso. El atacante tiene que entregar el DLL en la misma carpeta que el instalador, lo que lo convierte en un vector de ataque de alta complejidad
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-12 CVE Reserved
- 2022-02-16 CVE Published
- 2024-09-16 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://helpx.adobe.com/security/products/creative-cloud/apsb22-11.html | 2022-02-24 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Adobe Search vendor "Adobe" | Creative Cloud Desktop Application Search vendor "Adobe" for product "Creative Cloud Desktop Application" | <= 2.7.0.13 Search vendor "Adobe" for product "Creative Cloud Desktop Application" and version " <= 2.7.0.13" | - |
Affected
|