This script is Copyright (C) 2016 Tenable Network Security, Inc.
An application installed on the remote host is affected by multiple
The version of Adobe Creative Cloud Desktop installed on the remote
Windows host is prior to 184.108.40.2062. It is, therefore, affected by
multiple vulnerabilities :
- An untrusted search path vulnerability exists in the
  installer because it looks for specific files or
  libraries in the current working directory, which may
  not be trusted or under the user's control. A local
  attacker can exploit this, via a specially crafted
  library (DLL) file, to inject and execute arbitrary
  code in the context of the current user.
  (CVE-2016-4157)
- An unquoted search path vulnerability exists in
  AdobeUpdateService.exe that allows a local attacker to
  inject and execute arbitrary code via an executable in
  the %SYSTEMDRIVE% directory. (CVE-2016-4158)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
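
The unquoted search path condition behind CVE-2016-4158 can be audited directly from service ImagePath strings. The following is an added example, not code from the Nessus plugin or from Adobe; the service names and paths are constructed placeholders, and `audit_image_path` and `audit_services` are hypothetical helper names.

```python
import ntpath
import re

# Constructed sample data: placeholder service names and paths, not the
# real install locations of any product.
SAMPLE_SERVICES = {
    "ExampleUpdateSvc": r"C:\Program Files (x86)\Example Vendor\Update Tool\updatesvc.exe /run",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\svc.exe" -k',
    "NoSpaceSvc": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

def audit_image_path(image_path):
    """Return None if the path is unambiguous, else a finding dict.

    For an unquoted command line, Windows CreateProcess tries each
    space-delimited prefix as the executable name, so every directory
    that holds such a prefix must not be writable by unprivileged users.
    """
    cmd = image_path.strip()
    if cmd.startswith('"'):
        return None  # quoted: the executable path is unambiguous
    # Heuristic (assumption): the intended binary ends at the first ".exe"
    # that is followed by whitespace or the end of the string.
    match = re.search(r"\.exe(?=\s|$)", cmd, re.IGNORECASE)
    if match is None:
        return None
    exe, args = cmd[:match.end()], cmd[match.end():]
    if " " not in exe:
        return None  # no space in the path, nothing to misparse
    review_dirs = []
    for index, char in enumerate(exe):
        if char == " ":
            parent = ntpath.dirname(exe[:index])
            if parent not in review_dirs:
                review_dirs.append(parent)
    # "quoted" is the corrected ImagePath value; "review_dirs" lists the
    # directories whose write ACLs should be checked until it is applied.
    return {"quoted": f'"{exe}"{args}', "review_dirs": review_dirs}

def audit_services(services):
    """Map each flagged service name to its finding."""
    findings = {}
    for name, image_path in services.items():
        finding = audit_image_path(image_path)
        if finding is not None:
            findings[name] = finding
    return findings

if __name__ == "__main__":
    for name, finding in audit_services(SAMPLE_SERVICES).items():
        print(name, finding["quoted"], finding["review_dirs"])
```

On a live host the input would be the ImagePath values under the Services registry key; the parsing shown here is the same.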
Upgrade to Adobe Creative Cloud Desktop version 220.127.116.112 or later.
Risk factor :
Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 5.4
Public Exploit Available : true