CERT RENATER Advisories

Date: Wed, 15 Jun 2016 18:15:22 +0200
Type: VULN
Subject: CERT-Renater : 2016/VULN254 (Adobe : Security update available for the Creative Cloud Desktop Application)
===================================================================
                                 CERT-Renater

                    Information Note No. 2016/VULN254
_____________________________________________________________________

DATE                : 15/06/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Creative Cloud Desktop
                       Application versions prior to 3.7.0.272.

======================================================================
https://helpx.adobe.com/security/products/creative-cloud/apsb16-21.html
____________________________________________________________________

Adobe Security Bulletin

Security update available for the Creative Cloud Desktop Application

Release date: June 14, 2016

Vulnerability identifier: APSB16-21

Priority: 3

CVE number: CVE-2016-4157, CVE-2016-4158

Platform: Windows

Summary

Adobe has released a security update for the Creative Cloud Desktop
Application for Windows. This update resolves an untrusted search path
vulnerability in the Creative Cloud Desktop Application installer, and
an unquoted service path enumeration vulnerability in the Creative
Cloud Desktop Application.


Affected versions

Product                              Affected version                                Platform

Creative Cloud Desktop Application   Creative Cloud 3.6.0.248 and earlier versions   Windows


Solution

Adobe categorizes this update with the following priority rating and
recommends users update their installation to the newest version:

Product                              Updated version            Platform   Priority rating

Creative Cloud Desktop Application   Creative Cloud 3.7.0.272   Windows    3

Creative Cloud 3.7.0.272 installer will be available starting on June
13th, 2016. For more details, visit
https://www.adobe.com/creativecloud/desktop-app.html.

For managed environments, IT administrators can use the Creative Cloud
Packager to create deployment packages as described in the workflow
documented here.

Refer to this help page for more information on the Creative Cloud
Packager.


Vulnerability Details

This update resolves a vulnerability in the directory search path used
to find resources that could lead to code execution (CVE-2016-4157).

This update resolves an unquoted service path enumeration vulnerability
in the Creative Cloud Desktop Application (CVE-2016-4158).
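
An audit for the unquoted service path class named above (CVE-2016-4158),
added here as an example; it is not part of the Adobe bulletin or a
CERT-Renater tool. Test-UnquotedPath is a hypothetical helper name, and the
sample paths are constructed, since the advisory does not give the affected
service's path.

```powershell
# Added example: flag Windows services whose executable path contains spaces
# but is not wrapped in double quotes. Test-UnquotedPath is a hypothetical name.

function Test-UnquotedPath {
    param([string]$PathName)

    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()

    # A path that starts with a double quote is already delimited correctly.
    if ($p.StartsWith('"')) { return $false }

    # Isolate the executable portion: shortest prefix ending in ".exe" that is
    # followed by whitespace (arguments) or end of string. -match ignores case.
    if ($p -notmatch '^(.+?\.exe)(\s|$)') { return $false }

    # Unquoted and containing a space: the path is ambiguous to the loader.
    return $Matches[1].Contains(' ')
}

# Constructed sample PathName values (not taken from the advisory).
$samples = @(
    'C:\Program Files\Example Vendor\Example Service\svc.exe -run',    # flagged
    '"C:\Program Files\Example Vendor\Example Service\svc.exe" -run',  # quoted
    'C:\Windows\System32\svchost.exe -k netsvcs'                       # no space
)
$samples |
    ForEach-Object { [pscustomobject]@{ Unquoted = (Test-UnquotedPath $_); PathName = $_ } } |
    Format-Table -AutoSize -Wrap

# On a live Windows host, audit every installed service.
if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { Test-UnquotedPath $_.PathName } |
        Select-Object Name, StartName, StartMode, PathName |
        Format-Table -AutoSize -Wrap
}
```

A flagged entry is resolved by the vendor's update or by quoting the
executable path in the service's ImagePath registry value.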

Acknowledgments

Adobe would like to thank the following individuals and organizations
for reporting these issues and for working with Adobe to help protect
our customers:

YoKo Kho and Dicky (@dickysOfficial) of MII - CAS Dept (CVE-2016-4157).

Cyril Vallicari / Ug_0 Security and Security team Netservice de
Toekomst (CVE-2016-4158).

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================
