====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN171
_____________________________________________________________________

DATE                : 26/03/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows running Adobe Creative Cloud Desktop
                           Application versions prior to 5.1.

=====================================================================
https://helpx.adobe.com/security/products/creative-cloud/apsb20-11.html
_____________________________________________________________________

Security update available for Creative Cloud Desktop Application | APSB20-11

Bulletin ID 	Date Published 	Priority
APSB20-11 	March 24, 2020 	2


Summary

Adobe has released a security update for the Adobe Creative Cloud
Desktop Application for Windows. This update addresses a critical
vulnerability.  Successful exploitation could lead to arbitrary file
deletion.


Affected versions


Product 	Affected version 	Platform

Creative Cloud Desktop Application 	5.0 and earlier versions
	Windows

Note:

To check the version of the Adobe Creative Cloud desktop app:

    Launch the Creative Cloud desktop app and sign in with your Adobe ID
    Click the gear icon and choose Preferences > General

To check the version of the Adobe Creative Cloud desktop app (5.0 or
later):

    Launch the Creative Cloud desktop app and sign in with your Adobe ID
    Click the Help menu and choose “About Creative Cloud”


Solution

Adobe categorizes this update with the following priority rating and
recommends users update their installation to the newest version:


Product 	Updated version 	Platform 	Priority rating 	Availability

Creative Cloud Desktop Application 	5.1 	Windows
	2 	Download Center


The latest Creative Cloud Desktop App installer can be downloaded from
the Download Center.


Vulnerability Details

Vulnerability Category 	Vulnerability Impact 	Severity     CVE Numbers

Time-of-check to time-of-use (TOCTOU) race condition    Arbitrary File
Deletion	Critical 	CVE-2020-3808


Acknowledgments

Adobe would like to thank the following individuals and organizations
for reporting the relevant issues and for working with Adobe to help
protect our customers:

    Jiadong Lu of South China University of Technology and Zhiniang Peng
of Qihoo 360 Core Security (@edwardzpeng)  


Revisions

March 26, 2020: Updated the download link for Creative Cloud Desktop
Application.


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================