CVE-2021-21078

Summary

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. Exploitation of this issue requires user interaction

Affected Software

VendorProductVersion RangeStatus
AdobeCreative Cloud (desktop component)unspecified <= 5.3affected
AdobeCreative Cloud (desktop component)unspecified <= Noneaffected

Weaknesses

  • CWE-426: Untrusted Search Path (CWE-426)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References