CVE-2024-34116
Adobe Creative Cloud App Install Arbitrary Folder Delete Vulnerability can be abuse to Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file delete. Exploitation of this issue requires user interaction.
Las versiones 6.1.0.587 y anteriores de Creative Cloud Desktop se ven afectadas por una vulnerabilidad de elemento de ruta de búsqueda no controlada que podría provocar la omisión de una característica de seguridad. Un atacante podría aprovechar esta vulnerabilidad para cargar y ejecutar librerías maliciosas, lo que provocaría la eliminación arbitraria de archivos. La explotación de este problema requiere la interacción del usuario.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-04-30 CVE Reserved
- 2024-06-13 CVE Published
- 2024-07-20 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://helpx.adobe.com/security/products/creative-cloud/apsb24-44.html | 2024-07-19 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Creative Cloud Desktop Application Search vendor "Adobe" for product "Creative Cloud Desktop Application" | < 6.2.0.554 Search vendor "Adobe" for product "Creative Cloud Desktop Application" and version " < 6.2.0.554" | - |
Affected
| ||||||