CVE-2022-23202

Name of the Vulnerable Software and Affected Versions Adobe Creative Cloud Desktop version 2.7.0.13 and earlier

Description The issue is related to an uncontrolled search path element in the Adobe Creative Cloud Desktop Application, which could allow an attacker to execute arbitrary code in the context of the current user. Exploitation requires user interaction, where a victim must download a malicious DLL file. The attacker must deliver the DLL to the same folder as the installer, making it a high complexity attack vector.

Recommendations For Adobe Creative Cloud Desktop version 2.7.0.13 and earlier, update to a version later than 2.7.0.13 to resolve the issue. As a temporary workaround, consider restricting the execution of files from untrusted sources and avoid downloading DLL files from unknown locations. Restrict access to the installer folder to minimize the risk of exploitation.