CVE-2023-26358: Adobe Security Bulletin
Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.
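A defensive check for the condition described above, as an added example that is not part of Adobe's bulletin: it audits a search-path string for entries that a less-privileged user could influence and reports which directory wins a lookup. The function names, the `helper` file and the temporary directories are constructed for illustration, and the writable test uses POSIX permission bits (on Windows, directory ACLs have to be inspected instead).

```python
import os
import stat
import tempfile

def audit_search_path(path_value, sep=os.pathsep):
    """Return (entry, issue) pairs for risky entries in a search-path string."""
    findings = []
    for entry in path_value.split(sep):
        if entry in ("", "."):
            findings.append((entry, "current directory is searched"))
        elif not os.path.isabs(entry):
            findings.append((entry, "relative entry resolves against the current directory"))
        elif not os.path.isdir(entry):
            findings.append((entry, "directory does not exist"))
        elif os.stat(entry).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry, "writable by group or other users"))
    return findings

def first_match(name, path_value, sep=os.pathsep):
    """Return the first search-path entry that contains `name`, or None."""
    for entry in path_value.split(sep):
        if os.path.isfile(os.path.join(entry or ".", name)):
            return entry
    return None

def demo():
    """Audit a constructed search path built inside a temporary directory."""
    root = tempfile.mkdtemp()
    trusted = os.path.join(root, "trusted")
    shared = os.path.join(root, "shared")
    for directory, mode in ((trusted, 0o755), (shared, 0o777)):
        os.mkdir(directory)
        os.chmod(directory, mode)  # set explicitly so the umask does not matter
        open(os.path.join(directory, "helper"), "w").close()
    # Constructed path: the world-writable directory is searched before the trusted one.
    path_value = os.pathsep.join(
        [shared, trusted, "", "bin", os.path.join(root, "missing")])
    return audit_search_path(path_value), first_match("helper", path_value), shared

if __name__ == "__main__":
    findings, winner, _ = demo()
    for entry, issue in findings:
        print(f"{entry!r}: {issue}")
    print("lookup of 'helper' resolves in:", winner)
```
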
Security update available for Adobe Creative Cloud Desktop Application | APSB23-21
| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB23-21 | March 14, 2023 | 3 |
Summary
Adobe has released an update for the Creative Cloud Desktop for Windows and macOS. This update includes a fix for a critical vulnerability that could lead to arbitrary code execution in the context of the current user.
Affected versions
Creative Cloud Desktop Application: 5.9.1 and earlier versions
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
| Product | Updated version | Platform | Priority rating | Availability |
|---|---|---|---|---|
| Creative Cloud Desktop Application | 5.10 | Windows | 3 | Download Center |
Vulnerability details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
|---|---|---|---|---|---|
| Untrusted Search Path (CWE-426) | Arbitrary code execution | Critical | 8.6 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | CVE-2023-26358 |
Acknowledgments:
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
- Will Dormann - CVE-2023-26358
For more information, visit https://helpx.adobe.com/security.html, or email [email protected].