Adobe Creative Cloud <= Arbitrary File Read/Write Vulnerability (Mac OS X)

High Nessus Plugin ID 91387


An application installed on the remote host is affected by an arbitrary file read/write vulnerability.


The version of Adobe Creative Cloud installed on the remote Mac OS X host is prior or equal to It is, therefore, affected by a flaw in the JavaScript API for Creative Cloud Libraries due to an exposed service. An unauthenticated, remote attacker can exploit this to read or write arbitrary files on the host file system.


Upgrade to Adobe Creative Cloud version or later.

See Also

Plugin Details

Severity: High

ID: 91387

File Name: macosx_adobe_creative_cloud_3_6_0_244.nasl

Version: $Revision: 1.4 $

Type: local

Agent: macosx

Published: 2016/05/31

Modified: 2016/06/27

Dependencies: 91389

Risk Information

Risk Factor: High


Base Score: 9.4

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:adobe:creative_cloud

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/Creative Cloud

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/04/12

Vulnerability Publication Date: 2016/04/12

Reference Information

CVE: CVE-2016-1034

BID: 86001

OSVDB: 136944

ZDI: ZDI-16-235