Adobe Creative Cloud Desktop < Multiple Vulnerabilities (APSB17-13)

Critical Nessus Plugin ID 99366


An application installed on the remote host is affected by multiple vulnerabilities.


The version of Adobe Creative Cloud Desktop installed on the remote Windows host is prior to It is, therefore, affected by the following vulnerabilities :

- An unspecified flaw exists in the installation process due to improper usage of resource permissions that allows an unauthenticated, remote attacker to have an unspecified impact. (CVE-2017-3006)

- An information disclosure vulnerability exists due to using insecure directory search paths when locating resources. An unauthenticated, remote attacker can exploit this to disclose sensitive information, which potentially could be used to facilitate further remote code execution attacks. (CVE-2017-3007)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Upgrade to Adobe Creative Cloud Desktop version or later.

See Also

Plugin Details

Severity: Critical

ID: 99366

File Name: adobe_creative_cloud_4_0_0_185.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2017/04/14

Modified: 2017/08/14

Dependencies: 91388

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 9.8

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:adobe:creative_cloud

Required KB Items: installed_sw/Adobe Creative Cloud

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/04/11

Vulnerability Publication Date: 2017/04/11

Reference Information

CVE: CVE-2017-3006, CVE-2017-3007

BID: 97555, 97558

OSVDB: 155276, 155277

IAVA: 2017-A-0093