Headline
CVE-2021-43017: Adobe Security Bulletin
Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker could leverage this vulnerability to achieve denial of service in the context of the user. User interaction is required before product installation to abuse this vulnerability.
Security update available for Adobe Creative Cloud Desktop Application | APSB21-111
Bulletin ID
Date Published
Priority
ASPB21-111
November 9, 2021
3
Summary
Adobe has released an update for the Creative Cloud Desktop for Windows and macOS. This update includes a fix for an important vulnerability that could lead to application denial of service in the context of the current user.
Affected versions
Creative Cloud Desktop Application
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
Product
Updated version
Platform
Priority rating
Availability
Creative Cloud Desktop Application
5.6
macOS
3
Download Center
Vulnerability Details
Vulnerability Category
Vulnerability Impact
Severity
CVSS base score
CVSS vector
CVE Numbers
Creation of Temporary File in Directory with Incorrect Permissions
(CWE-379)
Application denial-of-service
Important
7.0
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
CVE-2021-43017
Acknowledgments
Adobe would like to thank CQY of Topsec Alpha Team (yjdfy) for reporting this issue and for working with Adobe to help protect our customers.
Revisions
November 11, 2021: Updated vulnerability details for CVE-2021-43017
For more information, visit https://helpx.adobe.com/security.html, or email [email protected].