CVE-2024-34116

CWE-4273 documents3 sources

Severity

7.1HIGH

EPSS

0.0%

top 90.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Creative Cloud Desktop Application Adobe Creative Cloud Desktop

Timeline

PublishedJun 13

Description

Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file delete. Exploitation of this issue requires user interaction.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶NVDadobe/creative_cloud_desktop_application< 6.2.0.554

▶CVEListV5adobe/creative_cloud_desktop6.1.0.587

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-v865-6qv6-w5m2: Creative Cloud Desktop versions 6↗2024-06-13

▶

CVEList

Adobe Creative Cloud App Install Arbitrary Folder Delete Vulnerability can be abuse to Privilege Escalation↗2024-06-13

▶