SB2018050807 - Multiple vulnerabilities in Adobe Creative Cloud Desktop Application
Published: May 8, 2018
Security Bulletin ID
SB2018050807
Severity
Low
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-4992)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists due to insufficient input validation. A local attacker can supply specially crafted input and gain elevated privileges.
2) Insecure DLL loading (CVE-ID: CVE-2018-4873)
The vulnerability allows a local attacker to gain elevated privileges on vulnerable system.
The weakness exists due to insecure .dll loading mechanism when opening files. A local attacker can place a file along with specially crafted .dll file on a remote SBM or WebDAV share and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
3) Improper certificate validation (CVE-ID: CVE-2018-4991)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists due to improper certificate validation. A remote attacker can supply specially crafted certificate, bypass security restrictions and perform further attacks.
Remediation
Install update from vendor's website.