Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3006

CWE-732 ā€” Incorrect Permission Assignment4 documents4 sources
Severity
8.8HIGH
EPSS
24.1%
top 3.94%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Creative Cloud
Timeline
PublishedApr 12
Latest updateMay 13

Description

Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

ā–¶NVDadobe/creative_cloud3.9.5.353
ā–¶CVEListV5adobe_thor_3.9.5.353_and_earlier.Adobe Thor 3.9.5.353 and earlier.

šŸ”“Vulnerability Details

2
GHSA
GHSA-p4jv-4xhx-3vm4: Adobe Thor versions 3ā†—2022-05-13
ā–¶
CVEList
CVE-2017-3006: Adobe Thor versions 3ā†—2017-04-12
ā–¶

šŸ’„Exploits & PoCs

1
Exploit-DB
Adobe Creative Cloud Desktop Application < 4.0.0.185 - Local Privilege Escalationā†—2017-04-13
ā–¶
CVE-2017-3006 (HIGH CVSS 8.8) | Adobe Thor versions 3.9.5.353 and e | cvebase.io