Vulnerabilities > CVE-2021-36002 - Exposure of Resource to Wrong Sphere vulnerability in Adobe Captivate

CVSS 7.3 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

adobe

CWE-668

NVD

Published: 2021-09-01

Updated: 2022-10-27

Summary

Adobe Captivate version 11.5.5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. The attacker must plant a malicious file in a particular location of the victim's machine. Exploitation of this issue requires user interaction in that a victim must launch the Captivate Installer.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Captivate - Adobe Captivate 2.0 Adobe Captivate 3.0 Adobe Captivate 4.0 Adobe Captivate 5.0.0.596 Adobe Captivate 9.0 Adobe Captivate 11.5.1.499	7

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://helpx.adobe.com/security/products/captivate/apsb21-60.html