CVE-2020-24447: 
Adobe Lightroom Classic vulnerability analysis and mitigation

Adobe Lightroom Classic version 10.0 and earlier for Windows is affected by an uncontrolled search path vulnerability identified as CVE-2020-24447. The vulnerability was disclosed on December 10, 2020, and affects the Windows version of Adobe Lightroom Classic (NVD, ZDNet).

The vulnerability is classified as an uncontrolled search path element vulnerability (CWE-427). It received a CVSS v3.1 Base Score of 7.0 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a Base Score of 3.7 (LOW) with the vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P) (NVD).

If successfully exploited, this vulnerability could result in arbitrary code execution in the context of the current user. The exploitation requires user interaction, specifically requiring a victim to open a malicious file (NVD, Bleeping Computer).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version through Help > Check for Updates, download full update installers from Adobe's Download Center, or allow automatic updates. IT administrators can deploy updates via enterprise installers available through Adobe's public FTP server or using Windows/macOS remote management solutions (Bleeping Computer).