Published: 25/03/2020 Updated: 27/03/2020

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Creative Cloud Desktop Application versions 5.0 and previous versions have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe creative_cloud

Adobe debuts disk-cleaning tool cleverly disguised as an arbitrary file deletion bug in Creative Cloud on Windows

The Register • Shaun Nichols in San Francisco • 24 Mar 2020

Patch this flaw, unless you want random docs to wipe out your work It's 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either

Adobe has issued a patch for a critical flaw that can be exploited to delete files from Windows computers running the Creative Cloud client. Dubbed CVE-2020-3808, the vulnerability is a classic time-of-check-to-time-of-use flaw where, by exploiting a race condition, a miscreant could potentially trick the system into deleting work-in-progress files and other data-destroying shenanigans. "Successful exploitation could lead to arbitrary File Deletion in the context of the current user," Adobe said...

CVE-2020-3808

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect