cnvd - cnvd-2016-02250

cnvd-2016-02250

Vulnerability from cnvd

Title

Adobe Creative Cloud Desktop JavaScript API for Creative Cloud Libraries存在未明漏洞

Description

Adobe Creatie Cloud Desktop是美国奥多比（Adobe）公司的一套用于在Creative云会员管理中心管理应用程序和服务的应用程序。基于Windows和Macintosh平台的Adobe Creative Cloud Desktop 3.5.1.209及之前版本的JavaScript API for Creative Cloud Libraries中的Sync Process中存在安全漏洞，远程攻击者可利用该漏洞读取或写入任意文件。

Severity

中

Patch Name

Adobe Creative Cloud Desktop JavaScript API for Creative Cloud Libraries存在未明漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://helpx.adobe.com/security/products/creative-cloud/apsb16-11.html

Reference

https://helpx.adobe.com/security/products/creative-cloud/apsb16-11.html

Impacted products

Name
Adobe Creative Cloud Desktop Application <=3.5.1.209

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1034"
    }
  },
  "description": "Adobe Creatie Cloud Desktop\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5728Creative\u4e91\u4f1a\u5458\u7ba1\u7406\u4e2d\u5fc3\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u548c\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u57fa\u4e8eWindows\u548cMacintosh\u5e73\u53f0\u7684Adobe Creative Cloud Desktop 3.5.1.209\u53ca\u4e4b\u524d\u7248\u672c\u7684JavaScript API for Creative Cloud Libraries\u4e2d\u7684Sync Process\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6216\u5199\u5165\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Roger Chen of the University of California, Berkeley, and Lokihardt working with Trend Micro\u0027s ZDI",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://helpx.adobe.com/security/products/creative-cloud/apsb16-11.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02250",
  "openTime": "2016-04-18",
  "patchDescription": "Adobe Creatie Cloud Desktop\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5728Creative\u4e91\u4f1a\u5458\u7ba1\u7406\u4e2d\u5fc3\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u548c\u670d\u52a1\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\n\u57fa\u4e8eWindows\u548cMacintosh\u5e73\u53f0\u7684Adobe Creative Cloud Desktop 3.5.1.209\u53ca\u4e4b\u524d\u7248\u672c\u7684JavaScript API for Creative Cloud Libraries\u4e2d\u7684Sync Process\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u6216\u5199\u5165\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Creative Cloud Desktop JavaScript API for Creative Cloud Libraries\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Adobe Creative Cloud Desktop Application \u003c=3.5.1.209"
  },
  "referenceLink": "https://helpx.adobe.com/security/products/creative-cloud/apsb16-11.html",
  "serverity": "\u4e2d",
  "submitTime": "2016-04-15",
  "title": "Adobe Creative Cloud Desktop JavaScript API for Creative Cloud Libraries\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2016-1034 (GCVE-0-2016-1034)

Vulnerability from cvelistv5

Published

2016-04-12 23:00

Modified

2024-08-05 22:38

Severity ?

CWE

Summary

The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspecified vectors.

References

URL

Tags

	https://helpx.adobe.com/security/products/creative-cloud/apsb16-11.html	x_refsource_CONFIRM
	http://www.zerodayinitiative.com/advisories/ZDI-16-235	x_refsource_MISC