SB2020071419 - Multiple vulnerabilities in Adobe Genuine Service

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020071419

SB2020071419 - Multiple vulnerabilities in Adobe Genuine Service

Published: July 14, 2020

Security Bulletin ID SB2020071419
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Insecure DLL loading (CVE-ID: CVE-2020-9667)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can place a specially crafted .dll file into a writable directory on the system and then trick the application to load the malicious .dll file.

Successful exploitation of the vulnerability may allow an attacker to gain escalated privileges on the system.


2) Insecure DLL loading (CVE-ID: CVE-2020-9681)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can place a specially crafted .dll file into a writable directory on the system and then trick the application to load the malicious .dll file.

Successful exploitation of the vulnerability may allow an attacker to gain escalated privileges on the system.


3) Link following (CVE-ID: CVE-2020-9668)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way application handles symbolic links. A local user can create a specially crafted symlink to an arbitrary file on the system and overwrite that files with elevated privileges.


Remediation

Install update from vendor's website.

References