PT-2018-1330 · Adobe · Dreamweaver

Published

2018-05-13

Updated

2018-06-22

CVE-2018-4924

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Adobe Dreamweaver CC versions 18.0 and earlier

Description The issue is related to an OS Command Injection vulnerability in the HTML editor of Adobe Dreamweaver CC, which is caused by the failure to neutralize special elements used in operating system commands. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Recommendations For Adobe Dreamweaver CC versions 18.0 and earlier, update to a version later than 18.0 to resolve the issue. As a temporary workaround, consider restricting the use of the HTML editor until a patch is available.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2018-00828

CVE-2018-4924

Affected Products

Dreamweaver

PT-2018-1330 · Adobe · Dreamweaver

CVE-2018-4924

Weakness Enumeration

Related Identifiers

Affected Products

References · 6