Main Vulnerability Database SB2016101204

SB2016101204 - Arbitrary code execution in Adobe Creative Cloud Desktop Application

Published: October 12, 2016 Updated: October 13, 2016

Security Bulletin ID SB2016101204

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Arbitrary code execution (CVE-ID: CVE-2016-6935)

The vulnerability allows a remote unauthenticated user to execute arbitrary code on the targeted system.
The weakness is due to an unquoted search path in the affected software. By persuading the victim to view a specially crafted PDF file, attackers can load the application or execute arbirtary code.
Successful exploitation of the vulnerability will result in arbitrary code execution on the vulnerable system.

Remediation

Install update from vendor's website.

References

https://helpx.adobe.com/security/products/creative-cloud/apsb16-34.html