About 12 vulnerabilities have been fixed by Adobe, which were found in Creative Cloud, Media Encoder, Genuine Service, ColdFusion and Download Manager products.
As the company stated in announcement released on vulnerabilities, its version Download Manager addressed to Windows, contained a critical issue command injection, which could lead to arbitrary execution code. Adobe has fixed it.
In addition, two equally critical vulnerabilities out-of-bounds write in his publications Media Encoder for Windows and MacOS, which can lead to arbitrary code execution and one error seriousness that may lead to information disclosure, repaired by the company.
Adobe also fixed a critical vulnerability in the application Creative Cloud desktop. The security vulnerability described as vulnerability symlink, can allow one intruder to write arbitrary files to the target system. Three other vulnerabilities identified in the application, which were identified as critical, may allow privilege escalation by a malicious agent in the system.
Some privilege escalation defects that have also been identified as critical have been corrected in the service Adobe Genuine Service for Windows and macOS. These vulnerabilities are caused by "unsafe library loading" and "mismanagement of symbolic links".
In ColdFusion In 2016 and 2018, Adobe has also fixed two major DLL breach vulnerabilities that could lead to escalation of privileges. The company stated that it did not identify any exploitation of the above vulnerabilities by malicious agents, while based on their ranking in terms of priority, it does not consider it very likely that they will be targeted by an attacker.