CERT RENATER
===================================================================
                          CERT-Renater

               Information Note No. 2016/VULN254
_____________________________________________________________________

DATE                 : 15/06/2016

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Adobe Creative Cloud Desktop
                       Application versions prior to 3.7.0.272.

======================================================================
https://helpx.adobe.com/security/products/creative-cloud/apsb16-21.html
____________________________________________________________________

Adobe Security Bulletin

Security update available for the Creative Cloud Desktop Application

Release date: June 14, 2016
Vulnerability identifier: APSB16-21
Priority: 3
CVE number: CVE-2016-4157, CVE-2016-4158
Platform: Windows

Summary

Adobe has released a security update for the Creative Cloud Desktop
Application for Windows. This update resolves an untrusted search path
vulnerability in the Creative Cloud Desktop Application installer, and
an unquoted service path enumeration vulnerability in the Creative
Cloud Desktop Application.

Affected versions

Product                             Affected version                               Platform
Creative Cloud Desktop Application  Creative Cloud 3.6.0.248 and earlier versions  Windows

Solution

Adobe categorizes this update with the following priority rating and
recommends users update their installation to the newest version:

Product                             Updated version            Platform  Priority rating
Creative Cloud Desktop Application  Creative Cloud 3.7.0.272   Windows   3

Creative Cloud 3.7.0.272 installer will be available starting on
June 13th, 2016. For more details, visit
https://www.adobe.com/creativecloud/desktop-app.html.

For managed environments, IT administrators can use the Creative Cloud
Packager to create deployment packages as described in the workflow
documented here. Refer to this help page for more information on the
Creative Cloud Packager.

Vulnerability Details

This update resolves a vulnerability in the directory search path used
to find resources that could lead to code execution (CVE-2016-4157).

This update resolves an unquoted service path enumeration vulnerability
in the Creative Cloud Desktop Application (CVE-2016-4158).

Acknowledgments

Adobe would like to thank the following individuals and organizations
for reporting these issues and for working with Adobe to help protect
our customers:

YoKo Kho and Dicky (@dickysOfficial) of MII - CAS Dept (CVE-2016-4157).
Cyril Vallicari / Ug_0 Security and Security team Netservice de
Toekomst (CVE-2016-4158).

==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44             +
+ 23 - 25 Rue Daviel  | fax : 01-53-94-20-41             +
+ 75013 Paris         | email: cert@support.renater.fr   +
==========================================================
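
The check below is an added example, not part of the Adobe bulletin or the CERT-Renater note: a PowerShell audit that flags Windows services whose executable path contains spaces but is not quoted, the condition behind CVE-2016-4158. The function names, service names and paths are assumptions constructed for illustration; the bulletin does not give the affected service's path.

```powershell
# Added example (not from the advisory); sample services below are constructed.
# Windows splits an unquoted command line at each space when locating the
# executable, so a service path containing spaces must be in double quotes.

function Test-UnquotedServicePath {
    param([Parameter(Mandatory)][string]$PathName)

    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }   # executable path is quoted

    # Executable portion = shortest prefix ending in ".exe" followed by
    # whitespace or end of string; anything after it is arguments.
    $m = [regex]::Match($p, '^(?<exe>.+?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return $false }      # not an .exe command line (e.g. a driver)

    return $m.Groups['exe'].Value.Contains(' ')
}

function Get-UnquotedServicePath {
    # Defaults to the services on the local machine; pass objects with
    # Name/StartName/PathName properties to audit an exported inventory.
    param([object[]]$Service = (Get-CimInstance -ClassName Win32_Service))

    $Service |
        Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
        Select-Object Name, StartName, PathName
}

# Constructed inventory covering three cases:
# unquoted path with spaces, quoted path with spaces, unquoted path without spaces.
$samples = @(
    [pscustomobject]@{ Name = 'ExampleUpdater'; StartName = 'LocalSystem'
        PathName = 'C:\Program Files (x86)\Example Vendor\Example App\updater.exe --service' }
    [pscustomobject]@{ Name = 'ExampleAgent'; StartName = 'LocalSystem'
        PathName = '"C:\Program Files\Example Vendor\agent.exe" -k run' }
    [pscustomobject]@{ Name = 'ExampleHost'; StartName = 'NT AUTHORITY\LocalService'
        PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)

Get-UnquotedServicePath -Service $samples
```

Calling `Get-UnquotedServicePath` with no argument audits the local machine; for the Creative Cloud Desktop Application the fix stated in the bulletin is the update to version 3.7.0.272.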