CVE-2022-23202

📊 7.0 HIGH⚡ 7.3%🎯 0 exploits

📅 Published Feb 16, 2022

📋 Status: Modified

Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must download a malicious DLL file. The attacker has to deliver the DLL on the same folder as the installer which makes it as a high complexity attack vector.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	adobe	creative cloud desktop application	≤ 2.7.0.13	Vulnerable	cpe:2.3:a:adobe:creative_cloud_desktop_application::::::::

📱

adobe / creative cloud desktop application

Application

Vulnerable

Version: ≤ 2.7.0.13

CPE:

cpe:2.3:a:adobe:creative_cloud_desktop_application:*:*:*:*:*:*:*:*

Metrics

7.0 HIGHCVSS v3.1[email protected]

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector:

LOCAL

Complexity:

HIGH

Privileges:

NONE

User Interaction:

REQUIRED

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Modified

CVSS Details

7.0 (HIGH)v3.1

Source: [email protected]

EPSS Details

7.3% (Minimal)91.2th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Feb 16, 2022 (3 years ago)

Last Modified

Nov 21, 2024 (11 months ago)

Security Weaknesses1

CWE-427

References2

NVDpatch