====================================================================
                           CERT-Renater

                Note d'Information No. 2020/VULN409
_____________________________________________________________________

DATE                 : 17/07/2020

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Adobe Creative Cloud Desktop
                       Application versions prior to 5.2.

=====================================================================
https://helpx.adobe.com/security/products/creative-cloud/apsb20-33.html
_____________________________________________________________________

Security update available for Adobe Creative Cloud Desktop
Application | APSB20-33

Bulletin ID    Date Published    Priority
APSB20-33      July 14, 2020     2

Summary

Adobe has released a security update for Creative Cloud Desktop
Application for Windows. This update addresses critical and important
vulnerabilities. Successful exploitation could lead to arbitrary file
system write and privilege escalation in the context of the current
user.

Affected versions

Product                             Affected version          Platform
Creative Cloud Desktop Application  5.1 and earlier versions  Windows

Note:

To check the version of the Adobe Creative Cloud desktop app:

  1. Launch the Creative Cloud desktop app and sign in with your
     Adobe ID
  2. Click the gear icon and choose Preferences > General

To check the version of the Adobe Creative Cloud desktop app (5.0 or
later):

  1. Launch the Creative Cloud desktop app and sign in with your
     Adobe ID
  2. Click the Help menu and choose "About Creative Cloud"

Solution

Adobe categorizes this update with the following priority rating and
recommends users update their installation to the newest version:

Product                             Updated version  Platform  Priority rating  Availability
Creative Cloud Desktop Application  5.2              Windows   2                Download Center

The latest Creative Cloud Desktop App installer can be downloaded from
the Download Center.

Vulnerability Details

Vulnerability Category       Vulnerability Impact         Severity   CVE Numbers
Lack of Exploit Mitigations  Privilege escalation         Important  CVE-2020-9669
Insecure File permissions    Privilege escalation         Important  CVE-2020-9671
Symlink vulnerability        Privilege escalation         Important  CVE-2020-9670
Symlink vulnerability        Arbitrary file system write  Critical   CVE-2020-9682

Acknowledgments

Adobe would like to thank the following individuals and organizations
for reporting the relevant issues and for working with Adobe to help
protect our customers:

  - Xavier DANEST – Decathlon (CVE-2020-9671)
  - Zhongcheng Li (CK01) of Topsec Alpha Team (CVE-2020-9669,
    CVE-2020-9670, CVE-2020-9682)

=========================================================
+ CERT-RENATER      | tel : 01-53-94-20-44              +
+ 23/25 Rue Daviel  | fax : 01-53-94-20-41              +
+ 75013 Paris       | email:cert@support.renater.fr     +
=========================================================