Bulletin ID
Security update available for Adobe Creative Cloud Desktop Application | APSB22-11
Bulletin ID |
Date Published |
Priority |
---|---|---|
ASPB22-11 |
February 8, 2022 |
3 |
Adobe has released an update for the Creative Cloud Installer for Windows. This update includes a fix for a critical vulnerability that could lead to arbitrary code execution in the context of the current user.
Product |
Affected version |
Platform |
Creative Cloud Desktop Application (Installer) |
2.7.0.13 and earlier versions |
Windows |
To check the version of the Adobe Creative Cloud Desktop Application (Installer):
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
Product |
Updated version |
Platform |
Priority rating |
Availability |
Creative Cloud Desktop Application (Installer) |
2.7.0.15 |
Windows |
3 |
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
---|---|---|---|---|---|
Uncontrolled Search Path Element (CWE-427) |
Arbitrary code execution |
Critical |
7.0 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2022-23202 |
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
February 8, 2022; Updated acknowledgment details for CVE-2022-23202
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
Sign in to your account