The Indian computer emergency response team under the IT ministry has issued a new warning for Adobe Apps users.
High severity warning is for Adobe Afters and Adobe Creative Cloud users.
As per warning, the problem of writing beyond the limit has been reported in Adobe After Effects which can be exploited by a remote striker to run the arbitrary code in the current user context.
The warning also mentions that the problem of uncontrolled search path elements has been reported in the Adobe Creative Cloud Desktop application that can be exploited by long-distance attackers.
This warning is for users who use Adobe After Effects 22.1.1 and the previous version, and Adobe Creative Cloud Desktop App 2.7.0.12 and the previous version.
According to warnings, the vulnerability in Adobe After Effects is because of the problem of writing beyond limits.
A remote striker can exploit this vulnerability by creating a special file and then deceiving the victim to open it using affected software.
Successful exploitation of this vulnerability can allow remote attackers to execute the arbitrary code in the current context.
When it comes to the Adobe Creative Cloud Desktop application, the vulnerability is because of the problem in an uncontrolled search path element.
Remote striker can exploit this vulnerability by creating a .dil file specifically made on sharing the remote SMB file and then cheats the victim to run the installer file from the long distance.
Successful exploitation of this vulnerability can allow long-distance striker to execute the arbitrary code in the current user context to avoid exploitation, users must update the Adobe application on their devices.
The official website of the Indian computer emergency response has a link that can guide you to the update page for the application mentioned above.
If you use this Adobe application, you might be under the risk of ‘high’
