====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN589
_____________________________________________________________________

DATE                : 21/10/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows, macOS running Adobe Dreamweaver versions
                                    prior to  20.2.

=====================================================================
https://helpx.adobe.com/security/products/dreamweaver/apsb20-55.html
_____________________________________________________________________

Security update available for Adobe Dreamweaver | APSB20-55
Bulletin ID     Date Published          Priority
APSB20-55       October 20, 2020     	3


Summary

Adobe has released a security update for Adobe Dreamweaver.  This update
resolves a vulnerability rated important. Successful exploitation could
lead to privilege escalation in the context of the current user.


Affected Versions

Product                 Affected Versions            Platform
Adobe Dreamweaver  	20.2 and earlier versions    Windows and macOS


Solution

Adobe categorizes this update with the following priority rating and
recommends users to use latest builds for new installation via the
Creative Cloud desktop app updater, or by navigating to the Dreamweaver
Help menu and clicking "Updates." For more information, please reference
this help page. 


Product             Updated Version    Platform         Priority rating
Adobe Dreamweaver        21.0         Windows and macOS        3

Note:

Note:  For managed environments, IT administrators can use the Creative
Cloud Packager to create deployment packages. Refer to this
help page for more information on the Creative Cloud Packager.  


Vulnerability Details

Vulnerability Category 	Vulnerability Impact 	Severity    CVE Numbers

Uncontrolled Search Path Element  Privilege Escalation  Important
CVE-2020-24425


Updates to dependencies

Dependency 	Vulnerability Impact    	Affected Version
libCURL    Privilege escalation    Dreamweaver 20.1 and earlier versions


Acknowledgements

Adobe would like to thank Xavier DANEST from Decathlon for reporting
these issues and working with Adobe to help protect our customers.



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================