Arbitrary code execution in Creative Cloud Desktop Application - CVE-2016-6935
Published: October 12, 2016 / Updated: October 13, 2016
Vulnerability identifier: #VU934
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-6935
CWE-ID: CWE-427
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Adobe
Affected software: Creative Cloud Desktop Application
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the targeted system.
The weakness is due to an unquoted search path in the affected software. By persuading the victim to view a specially crafted PDF file, attackers can load the application or execute arbitrary code.
Successful exploitation of the vulnerability will result in arbitrary code execution on the vulnerable system.
How to mitigate CVE-2016-6935
Update to version 3.8.0.310.