1 Reply Latest reply on Jun 16, 2016 6:03 AM by cwinning

    Adobe Creative Cloud - any chance of getting this added to the approved product list?

    Kelly.Walsingham Rookie

      There has been a vulnerability announced for this that my company now needs to start patching.

      See details below:

      Title:
      Security update available for the Creative Cloud Desktop Application (APSB16-21)
      Tracking ID:

      Reported Date/Time:
      14 Jun 2016 21:16:00 UTC
      Risk:
      4
      Audience:
      Core Members, Analysts, Basic Members, FSISAC Customer Service, MSP Members, Premier Members, Standard Members
      Special Handling:
      None
      Handling Instructions:
      None: There are no additional special handling instructions.
      Summary:
      Adobe has released a security update for the Creative Cloud Desktop Application for Windows.
      Business Impact:
      Arbitrary Code Execution
      Enumeration Vulnerability
      Severity:
      2 - Minimal Impact (Normal)
      Urgency:
      2 - Action Recommended
      Credibility:
      5-Verified
      Vendor(s):
      Adobe
      Product(s):

      Description:
      CVE-2016-4157
      This update resolves a vulnerability in the directory search path used to find resources that could lead to code execution.

      CVE-2016-4158
      This update resolves an unquoted service path enumeration vulnerability in the Creative Cloud Desktop Application.


      Adobe categorizes this update with the following priority rating:
      Priority 3: This update resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.

      Software Affected:
      Creative Cloud 3.6.0.248 and earlier versions [Windows]
      Corrective Action:
      Creative Cloud 3.7.0.272 installer will be available starting on June 13th, 2016. For more details, visit https://www.adobe.com/creativecloud/desktop-app.html.

      For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages as described in the workflow documented here.

      Source(s):
      https://helpx.adobe.com/security/products/creative-cloud/apsb16-21.html

      Advisory Id:

      CVE Number:
      CVE-2016-4157
      CVE-2016-4158