| CVE ID | CVE-2016-1034 |
| CVSS SCORE | 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P |
| AFFECTED VENDORS |
Adobe |
| AFFECTED PRODUCTS |
Creative Cloud |
| VULNERABILITY DETAILS |
The application exposes a services that listens on a random TCP port. The lack of authentication in the exposed service allows remote users to execute various methods from the API exposed by this service. An attacker can leverage this to execute code under the context of the current user. |
| ADDITIONAL DETAILS |
Adobe has issued an update to correct this vulnerability. More details can be found at:
https://helpx.adobe.com/security/products/creative-cloud/apsb16-11.html |
| DISCLOSURE TIMELINE |
|
| CREDIT | lokihardt |
