Adobe Creative Cloud Desktop, a widely popular application suite for content creation and management, has been identified to contain an Uncontrolled Search Path Element vulnerability in its versions 6.1..587 and earlier. This security loophole could enable an attacker to bypass security features, load, and execute malicious libraries that could lead to arbitrary file deletes on a victim's system. This article discusses the details of the vulnerability (CVE-2024-34116), the affected software, potential attack scenarios, and recommended mitigation steps based on original references and research. Please note that exploitation of this issue does require user interaction.

Affected Software

Adobe Creative Cloud Desktop versions 6.1..587 and earlier are affected by this vulnerability, and users of these versions are urged to update their software as soon as possible. To check the version of your Creative Cloud Desktop software, follow these steps:

The version number will be displayed in the "About" window.

Note that if your version is among the versions affected by this vulnerability (6.1..587 and earlier), it is critical to update your software immediately.

Vulnerability Details (CVE-2024-34116)

An Uncontrolled Search Path Element vulnerability exists within the affected versions of Adobe Creative Cloud Desktop software. This vulnerability allows an attacker to exploit the software by loading and executing malicious libraries, which could lead to arbitrary file deletes on a user's system.

Here is a code snippet illustrating how an attacker could load a malicious library using this vulnerability:

#include <windows.h>
#include <stdio.h>

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved){
    switch (ul_reason_for_call){
        case DLL_PROCESS_ATTACH:
            MessageBox(NULL, "Malicious library loaded!", "Exploit", MB_OK);
            break;
    }
    return TRUE;
}

In this code snippet, the malicious library displays a message box upon loading, but it could be easily altered to execute different, more harmful actions, such as deleting files or more.

Exploit Scenario

An attacker crafts a malicious library (*.dll) and sends it to their target victim via email or other communication methods. The victim, unaware of the malicious nature of the file, saves it to their computer (typically in the Downloads folder or Desktop). The attacker then convinces the victim to perform an action in the affected Creative Cloud Desktop software that triggers loading the malicious library (e.g., opening a specific project file or installing a rogue plugin). Upon loading the library, the attacker bypasses the security features and has the ability to conduct arbitrary file deletion and other harmful activities on the victim's system.

Adobe has released a security update to address this vulnerability, and users are advised to update their Creative Cloud Desktop software to the latest version immediately. To update your software, follow the steps mentioned below:

The software will check for available updates and apply them accordingly.

Continual awareness of emerging security threats and maintaining software patches and updates is crucial to ensure the integrity of your system and data.

- Adobe Security Bulletin
- CVE-2024-34116 Details

Timeline

Published on: 06/13/2024 12:15:11 UTC
Last modified on: 07/19/2024 17:40:23 UTC