Published: 25/03/2020 Updated: 27/03/2020
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (TOCTOU) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion.

Affected Products

Vendor | Product | Versions
Adobe | Creative Cloud | 5.0

Vendor Advisories

Security update available for Creative Cloud Desktop Application | APSB20-11

Recent Articles

Adobe debuts disk-cleaning tool cleverly disguised as an arbitrary file deletion bug in Creative Cloud on Windows
The Register • Shaun Nichols in San Francisco • 24 Mar 2020

Patch this flaw, unless you want random docs to wipe out your work

Adobe has issued a patch for a critical flaw that can be exploited to delete files from Windows computers running the Creative Cloud client.
Dubbed CVE-2020-3808, the vulnerability is a classic time-of-check-to-time-of-use flaw where, by exploiting a race condition, a miscreant could potentially trick the system into deleting work-in-progress files and other data-destroying shenanigans.
"Successful exploitation could lead to arbitrary File Deletion in the context of the current user,...

Critical Adobe Flaw Fixed in Out-of-Band Security Update
Threatpost • Lindsey O'Donnell • 24 Mar 2020

Adobe has released an out-of-band patch for a critical vulnerability in its Creative Cloud Desktop Application for Windows. The flaw can be exploited by an attacker to delete specific arbitrary files on the victim’s system.
Creative Cloud acts as a central console for desktop users to quickly launch, manage and update their Adobe apps, such as Photoshop, Acrobat, Illustrator and more. Specifically affected is the Creative Cloud desktop application version 5.0 and earlier; Adobe has made ...