====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN673
_____________________________________________________________________

DATE                : 09/12/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows running Adobe Lightroom versions
                                  prior to 10.1.

=====================================================================
https://helpx.adobe.com/security/products/lightroom/apsb20-74.html
_____________________________________________________________________

Security Updates Available for Adobe Lightroom | APSB20-74
Bulletin ID 	Date Published       Priority
ASPB20-74       December 08, 2020      	3


Summary

Adobe has released updates for Adobe Lightroom Classic for Windows and
macOS. This update addresses a critical vulnerability. Successful
exploitation could lead to arbitrary code execution in the context of
the current user.


Affected Versions

Product             Version                    Platform
Lightroom Classic   10.0 and earlier versions  Windows


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version via the
Creative Cloud desktop app’s update mechanism.  For more information,
please reference this help page.


Product       Version   Platform    Priority Rating     Availability
Lightroom Classic    10.1   Windows and macOS    3 	Download Center

For managed environments, IT administrators can use the Admin Console to
deploy Creative Cloud applications to end users. Refer to this help page
for more information.


Vulnerability details

Vulnerability Category 	Vulnerability Impact   Severity    CVE Numbers
Uncontrolled Search Path Element  Arbitrary Code Execution   Critical
                                                       CVE-2020-24447

Acknowledgments

Adobe would like to thank Hou JingYi (@hjy79425575) of Qihoo 360
CERT for reporting these issues and for working with Adobe to help
protect our customers.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================