Adobe Creative Cloud <= Arbitrary File Read/Write Vulnerability

High Nessus Plugin ID 91386


An application installed on the remote host is affected by an arbitrary file read/write vulnerability.


The version of Adobe Creative Cloud installed on the remote Windows host is prior or equal to It is, therefore, affected by a flaw in the JavaScript API for Creative Cloud Libraries due to an exposed service. An unauthenticated, remote attacker can exploit this to read or write arbitrary files on the host file system.


Upgrade to Adobe Creative Cloud version or later.

See Also

Plugin Details

Severity: High

ID: 91386

File Name: adobe_creative_cloud_3_6_0_244.nasl

Version: $Revision: 1.4 $

Type: local

Agent: windows

Family: Windows

Published: 2016/05/31

Modified: 2016/06/27

Dependencies: 91388

Risk Information

Risk Factor: High


Base Score: 9.4

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:adobe:creative_cloud

Required KB Items: installed_sw/Adobe Creative Cloud

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/04/12

Vulnerability Publication Date: 2016/04/12

Reference Information

CVE: CVE-2016-1034

BID: 86001

OSVDB: 136944

ZDI: ZDI-16-235