Main Vulnerability Database Vulnerabilities #VU29752

#VU29752 Insecure DLL loading in Genuine Integrity Service - CVE-2020-9681

Published: July 14, 2020

Vulnerability identifier: #VU29752

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-9681

CWE-ID: CWE-427

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Genuine Integrity Service

Software vendor:
Adobe

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A local user can place a specially crafted .dll file into a writable directory on the system and then trick the application to load the malicious .dll file.

Successful exploitation of the vulnerability may allow an attacker to gain escalated privileges on the system.

Remediation

Install updates from vendor's website.

External links

https://helpx.adobe.com/security/products/integrity_service/apsb20-42.html