CVE-2022-35704 Adobe Bridge versions 12.0.2 and earlier are affected by a Use After Free vulnerability that could lead to arbitrary code execution.

An attacker could leverage social engineering to convince a victim to open an email message with a malicious file attached.

Adobe is aware of reports that indicate this vulnerability may cause application crashes if the user has not opened an email message with a malicious file attached.

Adobe is aware that some users experience an application crash after installing a new Creative Cloud application. We encourage these users to open their application settings and select “Run in Compatibility Mode” for the newly installed application, which launches it in a mode that is less likely to cause crashes.

Adobe is aware that some users experience application crashes when trying to install new Creative Cloud applications. Adobe is investigating this issue and working to prevent it from happening.

Users can prevent application crashes caused by installing new Creative Cloud applications by opening their application settings and selecting “Run in Compatibility Mode” for the newly installed application, which launches it in a mode that is less likely to cause crashes.

CVE-2017-2992 Adobe Creative Cloud SDK before 17.0.0.187 and 18.x before 18.0.0.94 on Windows and Mac OS X, before 17.0.0.180 and 18.x before 18.0.0.89 on Linux, and before 18.0.0.135 on Solaris has an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.


Overview of CVE-2017-2992


The vulnerability is a stack buffer overflow in Adobe Creative Cloud SDK before 17.0.0.187 and 18.x before 18.0.0.94 on Windows and Mac OS X, before 17.0.0.180 and 18.x before 18.0.0.89 on Linux, and before 18.0.0.135 on Solaris. It could lead to information disclosure if an application using the software development kit (SDK) is exploited by an attacker who has access to the user’s computer while that application is running. Adobe is aware that some users experience application crashes when they try to install new Creative Cloud applications; Adobe is investigating this issue and working to prevent it from happening in future versions of the product.


Why are Adobe Software Security Updates important?

In order to protect its users, Adobe Software Updates are released on a regular basis. These updates make sure that the security of the software is not compromised in any way.

Adobe Software Updates are very important because they keep your software secure and updated. When you install a new Creative Cloud application, you will be given an option to update to the latest version of the software. This ensures that your software is always up-to-date and protected from potential threats or vulnerabilities that may be posed by the latest version of the software.

Timeline

Published on: 09/19/2022 16:15:00 UTC
Last modified on: 09/21/2022 13:12:00 UTC
