CVE-2016-1034

critical

Description

The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspecified vectors.

References

https://helpx.adobe.com/security/products/creative-cloud/apsb16-11.html

http://www.zerodayinitiative.com/advisories/ZDI-16-235

Details

Source: Mitre, NVD

Published: 2016-04-12

Updated: 2016-12-03

Risk Information

CVSS v2

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical