CVE-2018-5014 has been assigned to this issue. Adobe is aware of this vulnerability and has confirmed that there are no known attacks against it at this time. This issue has been assigned the CVE-2018-5014 has been assigned to this issue. Adobe is aware of this vulnerability and has confirmed that there are no known attacks against it at this time. This issue has been assigned the CVSS v3 rating. A CVSS v3 score of 5.5 or higher indicates a high risk for a significant vulnerability in software.
Adobe has released software updates for Adobe has released software updates for Illustrator 26.4 (released July 18, 2018) and Adobe Creative Suite 6 - 6.5 (released October 2, 2017) that address this vulnerability. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
An attacker could leverage this vulnerability to execute code as the user running the application, with the rights of that user. If a user were logged on with administrative rights, then any user could exploit the issue to potentially gain administrative rights on the system.
An attacker could host a malicious website or an application that hosts the malicious file. When a victim accesses the application or file, the application or file could execute with the rights of the user.
Security solutions should be configured to monitor for the malicious file or application and block access to it.
END Adobe has released software updates for Adobe Creative
Summary
The security issue CVE-2018-5014 has been assigned to this issue. Adobe is aware of this vulnerability and has confirmed that there are no known attacks against it at this time.
This issue has been assigned the CVSS v3 rating. A CVSS v3 score of 5.5 or higher indicates a high risk for a significant vulnerability in software.
Adobe has released software updates for Illustrator 26.4 (released July 18, 2018) and Adobe Creative Suite 6 - 6.5 (released October 2, 2017) that address this vulnerability.
An attacker could leverage this vulnerability to execute code as the user running the application, with the rights of that user. If a user were logged on with administrative rights, then any user could exploit the issue to potentially gain administrative rights on the system.
Security solutions should be configured to monitor for the malicious file or application and block access to it.
Adobe Creative Suite (CS6)
Adobe Creative Suite 6 - 6.5 Security Update
Release Date: October 2, 2017
What is the impact?
An attacker could leverage this vulnerability to execute code as the user running the application, with the rights of that user. If a user were logged on with administrative rights, then any user could exploit the issue to potentially gain administrative rights on the system.
What does Adobe do about it?
Adobe has released software updates for Adobe Creative Suite 6 - 6.5 (released October 2, 2017) and Illustrator 26.4 (released July 18, 2018) that address this vulnerability. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Vulnerability Details: CVE-2018-5014
Adobe has released software updates for Adobe Creative Suite 6 - 6.5 (released October 2, 2017) and Adobe Illustrator 26.4 (released July 18, 2018) that address this vulnerability. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
An attacker could leverage this vulnerability to execute code as the user running the application, with the rights of that user. If a user were logged on with administrative rights, then any user could exploit the issue to potentially gain administrative rights on the system.
An attacker could host a malicious website or an application that hosts the malicious file. When a victim accesses the application or file, the application or file could execute with the rights of the user.
Security solutions should be configured to monitor for the malicious file or application and block access to it.
Adobe Creative Suite 6 to 3 (CVE-2017-2636)
Adobe is aware of this vulnerability and has confirmed that there are no known attacks against it at this time. This issue has been assigned the CVE-2017-2636.
Impact of Vendor Response Time
A vendor's speed in responding to a security vulnerability is an important consideration for businesses.
Vulnerabilities discovered in software such as Adobe Creative Suite are often disclosed within hours or days of the initial discovery. The time it takes the vendor to release a software update (or other fix) is often a primary factor in determining how much risk businesses take on by continuing to use a vulnerable application in their environment.
For example, after Microsoft learned that CVE-2022-38408 existed, they released a software update for Adobe Creative Suite 6 - 6.5 within 2 hours of learning about the issue. This means that if you were using Creative Suite 6 - 6.5, you would be running with this vulnerability patched within two hours of Microsoft releasing the software update.
The timeline for when Adobe released updates was longer than most vendors. In fact, 4 days passed from the initial disclosure of this issue before Adobe released any software updates for Illustrator 26.4 and Creative Suite 6 - 6.5
Timeline
Published on: 09/16/2022 17:15:00 UTC
Last modified on: 09/20/2022 18:28:00 UTC