Lucene search

AdobeCVE-2016-4158

HistoryJun 16, 2016 - 2:59 p.m.

CVE-2016-4158

2016-06-1614:59:40

CWE-264

adobe

web.nvd.nist.gov

cve-2016-4158

unquoted search path

adobe creative cloud

privilege escalation

nvd

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

49.6%

JSON

Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.

Affected configurations

Nvd

Node

microsoftwindows

AND

adobecreative_cloudRange≤3.6.0.248

VendorProductVersionCPE
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
adobecreative_cloud*cpe:2.3:a:adobe:creative_cloud:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows	*	cpe:2.3:o:microsoft:windows::::::::
adobe	creative_cloud	*	cpe:2.3:a:adobe:creative_cloud::::::::

References

helpx.adobe.com/security/products/creative-cloud/apsb16-21.html

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

49.6%

JSON

Related for CVE-2016-4158