CVE-2021-28581: Adobe Creative Cloud Desktop uncontrolled search path element vulnerability could lead to local privilege escalation
First published: Wed Sep 08 2021(Updated: )
Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker's local machine.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Creative Cloud | <=5.3 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-28581?
CVE-2021-28581 has a medium severity rating due to its potential for privilege escalation.
How do I fix CVE-2021-28581?
To fix CVE-2021-28581, users should update Adobe Creative Cloud to version 5.4 or later.
What causes CVE-2021-28581?
CVE-2021-28581 is caused by an uncontrolled search path vulnerability in Adobe Creative Cloud Desktop.
Is user interaction required to exploit CVE-2021-28581?
Yes, exploitation of CVE-2021-28581 requires user interaction, specifically the victim must log on to the attacker's machine.
Which versions of Adobe Creative Cloud are affected by CVE-2021-28581?
CVE-2021-28581 affects Adobe Creative Cloud Desktop versions 3.5 and earlier.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/adobe
- canonical/adobe creative cloud
- version/adobe creative cloud/5.3
- vendor/microsoft
- canonical/microsoft windows