PT-2021-2521 · Adobe · Adobe Creative Cloud Desktop Application

Rookuu

Published

2021-03-09

Updated

2021-09-08

CVE-2021-21069

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Adobe Creative Cloud Desktop Application versions 5.3 and earlier

Description The issue is related to insufficient input validation in the Adobe Creative Cloud Desktop Application, which can lead to a local privilege escalation. This allows an attacker to perform high-privileged actions by calling functions against the installer. Notably, exploitation of this issue does not require any user interaction.

Recommendations For Adobe Creative Cloud Desktop Application versions 5.3 and earlier, update to a version later than 5.3 to resolve the issue. As a temporary workaround, consider restricting access to the installer to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2021-01924

CVE-2021-21069

ZDI-21-281

Affected Products

Adobe Creative Cloud Desktop Application

PT-2021-2521 · Adobe · Adobe Creative Cloud Desktop Application

CVE-2021-21069

Weakness Enumeration

Related Identifiers

Affected Products

References · 8