Adobe Creative Cloud Desktop < 4.0.0.185 Multiple Vulnerabilities (APSB17-13)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote host is affected by multiple
vulnerabilities.

Description :

The version of Adobe Creative Cloud Desktop installed on the remote
Windows host is prior to 4.0.0.185. It is, therefore, affected by the
following vulnerabilities :

- An unspecified flaw exists in the installation process
due to improper usage of resource permissions that
allows an unauthenticated, remote attacker to have an
unspecified impact. (CVE-2017-3006)

- An information disclosure vulnerability exists due to
using insecure directory search paths when locating
resources. An unauthenticated, remote attacker can
exploit this to disclose sensitive information, which
potentially could be used to facilitate further remote
code execution attacks. (CVE-2017-3007)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?bf78aeb2

Solution :

Upgrade to Adobe Creative Cloud Desktop version 4.0.0.185 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 99366 ()

Bugtraq ID: 97555
97558

CVE ID: CVE-2017-3006
CVE-2017-3007

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now