Privilege escalation in Adobe Creative Cloud Desktop Application

Published: 2018-08-28
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2018-12829
Exploitation vector Local
Public exploit N/A
Vulnerable software
Creative Cloud Desktop Application
Universal components / Libraries / Software for developers

Vendor Adobe

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper certificate validation

EUVDB-ID: #VU14539

Risk: Low


CVE-ID: CVE-2018-12829

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No


The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper certificate validation. A local attacker can supply specially crafted certificate, gain elevated privileges and perform further attacks.


Update to version 4.6.1.

Vulnerable software versions

Creative Cloud Desktop Application: -

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?