Improper certificate validation in Creative Cloud Desktop Application

#VU14539 Improper certificate validation in Creative Cloud Desktop Application

Published: 2018-08-28 | Updated: 2018-08-28

Vulnerability identifier: #VU14539

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-12829

CWE-ID: CWE-295

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Creative Cloud Desktop Application
Universal components / Libraries / Software for developers

Vendor: Adobe

Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to improper certificate validation. A local attacker can supply specially crafted certificate, gain elevated privileges and perform further attacks.

Mitigation
Update to version 4.6.1.

Vulnerable software versions

Creative Cloud Desktop Application: 4.5.0.324 - 4.6.0.384

CPE

cpe:2.3:a:adobe:creative_cloud_desktop_application:4.6.0.384:*:*:*:*:*:*:*

External links
http://helpx.adobe.com/security/products/creative-cloud/apsb18-32.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Privilege escalation in Adobe Creative Cloud Desktop Application