Adobe Creative Cloud <= 3.5.1.209 Arbitrary File Read/Write Vulnerability (Mac OS X)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote host is affected by an
arbitrary file read/write vulnerability.

Description :

The version of Adobe Creative Cloud installed on the remote Mac OS X
host is 3.5.1.209 or earlier. It is, therefore, affected by a
flaw in the JavaScript API for Creative Cloud Libraries due to an
exposed service. An unauthenticated, remote attacker can exploit this
to read or write arbitrary files on the host file system.

See also :

https://helpx.adobe.com/security/products/creative-cloud/apsb16-11.html
http://www.zerodayinitiative.com/advisories/ZDI-16-235/

Solution :

Upgrade to Adobe Creative Cloud version 3.6.0.244 or later.

Risk factor :

High / CVSS Base Score : 9.4
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score : 7.8
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 91387

Bugtraq ID: 86001

CVE ID: CVE-2016-1034
