Main Vulnerability Database Vulnerabilities #VU29751

#VU29751 Insecure DLL loading in Genuine Integrity Service - CVE-2020-9667

Published: July 14, 2020

Vulnerability identifier: #VU29751

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-9667

CWE-ID: CWE-427

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Genuine Integrity Service

Software vendor:
Adobe

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can place a specially crafted .dll file into a writable directory on the system and then trick the application to load the malicious .dll file.

Successful exploitation of the vulnerability may allow an attacker to gain escalated privileges on the system.

Remediation

Install updates from vendor's website.

External links

https://helpx.adobe.com/security/products/integrity_service/apsb20-42.html

#VU29751 Insecure DLL loading in Genuine Integrity Service - CVE-2020-9667

Description

Remediation

External links

Please verify you're human