Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-28581— Adobe Creative Cloud Desktop uncontrolled search path element vulnerability could lead to local privilege escalation

EPSS 0.11% · P30
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-28581

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Adobe Creative Cloud Desktop uncontrolled search path element vulnerability could lead to local privilege escalation
Source: NVD (National Vulnerability Database)
Vulnerability Description
Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker's local machine.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对搜索路径元素未加控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Adobe Creative Cloud Desktop Application 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Adobe Creative Cloud Desktop Application是美国奥多比(Adobe)公司的一套用于在Creative云会员管理中心管理应用程序和服务的应用程序。该程序支持同步和共享文件、管理字体以及访问商业摄影和设计的资产库。 Creative Cloud Desktop Application 存在代码问题漏洞。该漏洞源于程序以不安全的方式加载库,本地用户可以在系统上放置恶意库,并以提升的特权执行任意代码。以下产品及版本受到影响:Creative Cloud Desktop App
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AdobeCreative Cloud (desktop component) unspecified ~ 5.3 -

II. Public POCs for CVE-2021-28581

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-28581

登录查看更多情报信息。

Same Patch Batch · Adobe · 2021-09-08 · 10 CVEs total

CVE-2021-285808.8 HIGHMedium by Adobe file parsing buffer overflow vulnerability could lead to arbitrary code ex
CVE-2021-211048.8 HIGHAdobe Illustrator memory corruption vulnerability could lead to remote code execution
CVE-2021-211058.8 HIGHAdobe Illustrator memory corruption vulnerability could lead to remote code execution
CVE-2021-285718.3 HIGHAdobe After Effects improper neutralization of special elements could lead to remote code
CVE-2021-285685.8 MEDIUMAdobe Genuine Services insecure file permission could lead to privilege escalation
CVE-2021-211034.3 MEDIUMAdobe Illustrator memory corruption vulnerability could lead to information disclosure
CVE-2021-285694.3 MEDIUMAdobe Media Encoder VOB file parsing out-of-bounds read could lead to information disclosu
CVE-2021-285663.7 LOWMagento Commerce information disclosure during upload action leveraging a specially crafte
CVE-2021-28567Magento Commerce improper authorization allows an authenticated user to perform certain fu

IV. Related Vulnerabilities

Same product: Creative Cloud (desktop component)
Same vendor: Adobe
Same weakness: CWE-427

V. Comments for CVE-2021-28581

No comments yet

Leave a comment