====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN153
_____________________________________________________________________

DATE                : 10/03/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Creative Cloud Desktop
                      Application versions prior to 5.4.

=====================================================================
https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html
_____________________________________________________________________

Security update available for Adobe Creative Cloud Desktop Application |
APSB21-18

Bulletin ID 	Date Published 	Priority
ASPB21-18	March 09, 2021 	3


Summary

Adobe has released a security update for the Creative Cloud Desktop
Application for Windows.  This update resolves multiple
critical vulnerabilities that could lead to arbitrary code execution in
the context of current user.


Affected versions

Product 	Affected version 	Platform

Creative Cloud Desktop Application	5.3 and earlier version
	Windows and Mac OS


Solution

Adobe categorizes this update with the following priority rating and
recommends users update their installation to the newest version:

Product   Updated version   Platform 	Priority rating   Availability

Creative Cloud Desktop Application 	5.4 	Windows and Mac OS
	3 	Download Center 


Vulnerability Details

Vulnerability Category 	Vulnerability Impact 	Severity    CVE Numbers

Arbitrary file overwrite  Arbitrary Code Execution  Critical CVE-2021-21068

OS Command Injection	Arbitrary Code Execution    Critical
	CVE-2021-21078

Improper Input Validation	Privilege escalation 	Critical
	CVE-2021-21069


Acknowledgments

Adobe would like to thank the following researchers for reporting this
issue and for working with Adobe to help protect our customers.

    Yjdfy (CVE-2021-21068)
    Rookuu working with Trend Micro Zero Day Initiative (CVE-2021-21069)
    Sebastian Fuchs from Star Finanz (CVE-2021-21078)



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================