Unquoted search path in Adobe Photoshop - CVE-2017-3005
Published: April 11, 2017 / Updated: April 11, 2017
Vulnerability identifier: #VU6250
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-3005
CWE-ID: CWE-428
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Adobe
Affected software:
Adobe Photoshop
Adobe Photoshop
Detailed vulnerability description
The vulnerability allows a local user to elevate his privileges
The vulnerability exists due to the way the application opens files. A local user can place a malicious file on the directory along with Photoshop file and execute it with elevated privileges.
Successful exploitation of the vulnerability may allow an attacker to escalate privileges on the system.
The vulnerability exists due to the way the application opens files. A local user can place a malicious file on the directory along with Photoshop file and execute it with elevated privileges.
Successful exploitation of the vulnerability may allow an attacker to escalate privileges on the system.
How to mitigate CVE-2017-3005
Update Adobe Photoshop CC 2017 to version 18.1.
Update Adobe Photoshop CC 2015.5 to version 17.0.2 (2015.5.2).
Update Adobe Photoshop CC 2015.5 to version 17.0.2 (2015.5.2).