Main Vulnerability Database Vulnerabilities #VU52186

#VU52186 Untrusted search path in RoboHelp - CVE-2021-21070

Published: April 13, 2021

Vulnerability identifier: #VU52186

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-21070

CWE-ID: CWE-426

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
RoboHelp

Software vendor:
Adobe

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way the application handles inclusion of libraries. A local user can place a malicious file into the same directory as the file, associated with the application, trick the victim into opening it and execute arbitrary code with elevated privileges.

Remediation

Install updates from vendor's website.

External links

https://helpx.adobe.com/security/products/robohelp/apsb21-20.html