Multiple vulnerabilities in Adobe Genuine Service
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2020-9667 CVE-2020-9681 CVE-2020-9668 |
| CWE-ID | CWE-427 CWE-59 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Genuine Integrity Service Client/Desktop applications / Other client software |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Insecure DLL loading
EUVDB-ID: #VU29751
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-9667
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can place a specially crafted .dll file into a writable directory on the system and then trick the application to load the malicious .dll file.
Successful exploitation of the vulnerability may allow an attacker to gain escalated privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGenuine Integrity Service: 6.0 - 6.6
External linkshttp://helpx.adobe.com/security/products/integrity_service/apsb20-42.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insecure DLL loading
EUVDB-ID: #VU29752
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-9681
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can place a specially crafted .dll file into a writable directory on the system and then trick the application to load the malicious .dll file.
Successful exploitation of the vulnerability may allow an attacker to gain escalated privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsGenuine Integrity Service: 6.0 - 6.6
External linkshttp://helpx.adobe.com/security/products/integrity_service/apsb20-42.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Link following
EUVDB-ID: #VU29755
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-9668
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the way application handles symbolic links. A local user can create a specially crafted symlink to an arbitrary file on the system and overwrite that files with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsGenuine Integrity Service: 6.0 - 6.6
External linkshttp://helpx.adobe.com/security/products/integrity_service/apsb20-42.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
