Vulnerabilities > CVE-2021-43017 - Creation of Temporary File in Directory with Incorrect Permissions vulnerability in Adobe Creative Cloud Desktop Application

CVSS 4.2 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

adobe

CWE-379

NVD

Published: 2021-11-18

Updated: 2022-02-02

Summary

Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker with root privileges could leverage this vulnerability to achieve denial of service by planting a malicious file on the victim's local machine. User interaction is required before product installation to abuse this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Creative Cloud Desktop Application - Adobe Creative Cloud Desktop Application 2.4 Adobe Creative Cloud Desktop Application 2.5 Adobe Creative Cloud Desktop Application 2.7.0.13 Adobe Creative Cloud Desktop Application 5.1 Adobe Creative Cloud Desktop Application 5.2 Adobe Creative Cloud Desktop Application 5.4 Adobe Creative Cloud Desktop Application 5.5	8
OS	Apple Apple Macos -	1

Common Weakness Enumeration (CWE)

CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions

References

https://helpx.adobe.com/security/products/creative-cloud/apsb21-111.html