Adobe CC Desktop 6.1.0.587 Uncontrolled Search Path CVE-2024-34116
CVE-2024-34116 Published on June 13, 2024

Adobe Creative Cloud App Install Arbitrary Folder Delete Vulnerability can be abused for Privilege Escalation
Creative Cloud Desktop versions 6.1.0.587 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to load and execute malicious libraries, leading to arbitrary file delete. Exploitation of this issue requires user interaction.

Vulnerability Analysis

CVE-2024-34116 is exploitable with local system access and requires user interaction. This vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality and a high impact on integrity and availability.

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

Weakness Type

What is a DLL preloading Vulnerability?

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

CVE-2024-34116 has been classified as a DLL preloading vulnerability or weakness.


Products Associated with CVE-2024-34116

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-34116 are published in Adobe Creative Cloud Desktop Application:

 

Affected Versions

Adobe Creative Cloud Desktop: adobe creative_cloud_desktop_application:

Exploit Probability

EPSS: 0.03%
Percentile: 9.15%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.