#VU934 Arbitrary code execution in Creative Cloud Desktop Application - CVE-2016-6935
Published: October 12, 2016 / Updated: October 13, 2016
Vulnerability identifier: #VU934
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-6935
CWE-ID: CWE-427
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Creative Cloud Desktop Application
Creative Cloud Desktop Application
Software vendor:
Adobe
Adobe
Description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the targeted system.
The weakness is due to an unquoted search path in the affected software. By persuading the victim to view a specially crafted PDF file, attackers can load the application or execute arbirtary code.
Successful exploitation of the vulnerability will result in arbitrary code execution on the vulnerable system.
The weakness is due to an unquoted search path in the affected software. By persuading the victim to view a specially crafted PDF file, attackers can load the application or execute arbirtary code.
Successful exploitation of the vulnerability will result in arbitrary code execution on the vulnerable system.
Remediation
Update to version 3.8.0.310.