Adobe Creative Cloud Desktop < 184.108.40.206 Multiple Vulnerabilities (APSB17-13)
Critical Nessus Plugin ID 99366
SynopsisAn application installed on the remote host is affected by multiple vulnerabilities.
DescriptionThe version of Adobe Creative Cloud Desktop installed on the remote Windows host is prior to 220.127.116.11. It is, therefore, affected by the following vulnerabilities :
- An unspecified flaw exists in the installation process due to improper usage of resource permissions that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-3006)
- An information disclosure vulnerability exists due to using insecure directory search paths when locating resources. An unauthenticated, remote attacker can exploit this to disclose sensitive information, which potentially could be used to facilitate further remote code execution attacks. (CVE-2017-3007)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Adobe Creative Cloud Desktop version 18.104.22.168 or later.