Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-6935 |
CWE-ID | CWE-427 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Creative Cloud Desktop Application Universal components / Libraries / Software for developers |
Vendor | Adobe |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU934
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6935
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to execute arbitrary code on the targeted system.
The weakness is due to an unquoted search path in the affected software. By persuading the victim to view a specially crafted PDF file, attackers can load the application or execute arbirtary code.
Successful exploitation of the vulnerability will result in arbitrary code execution on the vulnerable system.
Update to version 3.8.0.310.
Creative Cloud Desktop Application: 3.5.0.206 - 3.7.0.272
External linkshttp://helpx.adobe.com/security/products/creative-cloud/apsb16-34.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.