Bulletin ID
Security update available for Adobe Creative Cloud Desktop Application | APSB23-21
|
Date Published |
Priority |
---|---|---|
APSB23-21 |
March 14, 2023 |
3 |
Summary
Adobe has released an update for the Creative Cloud Desktop for Windows and macOS. This update includes a fix for a critical vulnerability that could lead to arbitrary code execution in the context of the current user.
Affected versions
Product |
Affected version |
Platform |
Creative Cloud Desktop Application |
5.9.1 and earlier version |
Windows |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
Product |
Updated version |
Platform |
Priority rating |
Availability |
Creative Cloud Desktop Application |
5.10 |
Windows |
3 |
Vulnerability details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
---|---|---|---|---|---|
Untrusted Search Path (CWE-426) |
Arbitrary code execution |
Critical |
8.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
CVE-2023-26358 |
Acknowledgments:
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
- Will Dormann - CVE-2023-26358
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.