CVE-2020-24422: 
Adobe Creative Cloud vulnerability analysis and mitigation

Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows was identified with an uncontrolled search path vulnerability, tracked as CVE-2020-24422. The vulnerability was disclosed on October 20, 2020, and affects the Windows versions of Adobe's Creative Cloud Desktop Application (NVD, Adobe Advisory).

The vulnerability is classified as an uncontrolled search path element vulnerability (CWE-427). It received a CVSS v3.1 base score of 7.8 (High) from NIST and 7.0 (High) from Adobe Systems Incorporated. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The impact is considered critical as it could potentially allow attackers to execute malicious code on the affected systems (Threatpost).

Adobe released security updates to address this vulnerability. Users can update their software installations via the Creative Cloud desktop app updater or by navigating to the application's Help menu and clicking 'Updates' (Threatpost).

The vulnerability was discovered and reported by security researcher Dhiraj Mishra. It was part of a larger security update from Adobe that addressed multiple critical vulnerabilities across their product portfolio (Threatpost).