CVE-2016-4158

CWE-2643 documents3 sources
Severity
7.3HIGH
EPSS
1.6%
top 18.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Creative Cloud
Timeline
PublishedJun 16
Latest updateMay 17

Description

Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages1 packages

NVDadobe/creative_cloud3.6.0.248

🔴Vulnerability Details

2
GHSA
GHSA-4xvq-75x5-m8vq: Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 32022-05-17
CVEList
CVE-2016-4158: Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 32016-06-16
CVE-2016-4158 (HIGH CVSS 7.3) | Unquoted Windows search path vulner | cvebase.io