CVE-2021-28633: Adobe Creative Cloud Installer Arbitrary File Write
First published: Tue Aug 24 2021(Updated: )
Adobe Creative Cloud Desktop Application (installer) version 2.4 (and earlier) is affected by an Insecure temporary file creation vulnerability. An attacker could leverage this vulnerability to cause arbitrary file overwriting in the context of the current user. Exploitation of this issue requires physical interaction to the system.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Creative Cloud Desktop Application | <=2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-28633?
CVE-2021-28633 has a moderate severity rating due to the potential for arbitrary file overwriting.
How do I fix CVE-2021-28633?
To fix CVE-2021-28633, update the Adobe Creative Cloud Desktop Application to version 2.5 or later.
What versions of Adobe Creative Cloud Desktop Application are affected by CVE-2021-28633?
CVE-2021-28633 affects Adobe Creative Cloud Desktop Application version 2.4 and all earlier versions.
Can CVE-2021-28633 be exploited remotely?
CVE-2021-28633 requires local access to exploit, as it involves arbitrary file overwriting in the context of the current user.
What kind of attack can be carried out using CVE-2021-28633?
An attacker can leverage CVE-2021-28633 to overwrite files in the current user's environment, potentially causing data loss or disruption.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/title
- agent/author
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/adobe
- canonical/adobe creative cloud desktop application
- version/adobe creative cloud desktop application/2.4