CVE-2026-47906
Adobe · Dreamweaver
Adobe Dreamweaver contains a vulnerability in a third-party component that could allow arbitrary code execution if a user opens a malicious file.
Executive summary
A vulnerability in a third-party component of Adobe Dreamweaver could allow an attacker to execute arbitrary code if a user is coerced into opening a malicious file.
Vulnerability
This vulnerability is classified as a dependency on a vulnerable third-party component (CWE-1395). Exploitation requires user interaction: an attacker must trick a victim into opening a specially crafted file, after which arbitrary code executes within the user's current context.
Business impact
The CVSS score of 8.6 indicates a high-severity risk. Successful exploitation could lead to full system compromise, allowing an attacker to install programs, view, change, or delete sensitive data, or create new accounts with full user rights on the local machine.
Remediation
Immediate Action: Update Adobe Dreamweaver to version 21.8 or later.
Proactive Monitoring: Monitor endpoint activity for unusual process execution or unauthorized file system modifications occurring within the Dreamweaver application environment.
Compensating Controls: Implement organizational policies to restrict opening files from untrusted or unknown sources, and utilize endpoint protection software to scan files before they are accessed.
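The version check and process monitoring described above can be combined into one triage pass. The following is an added example, not Adobe tooling or part of the original advisory; the executable name `Dreamweaver.exe`, the interpreter watchlist, the event field names and all host data are assumptions constructed for illustration.

```python
import ntpath

FIXED = (21, 8)                 # fixed version stated in this advisory
APP_IMAGE = "dreamweaver.exe"   # assumed Windows executable name
# Assumed watchlist: interpreters an editor rarely needs to launch.
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe"}

# Constructed sample data (hostnames, versions and paths are invented).
INVENTORY = {"ws-01": "21.7.2", "ws-02": "21.10",
             "ws-03": "21.8.0.15", "ws-04": "unknown"}
EVENTS = [
    {"host": "ws-01", "parent": r"C:\Apps\DW\Dreamweaver.exe",
     "child": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-02", "parent": r"C:\Apps\DW\Dreamweaver.exe",
     "child": r"C:\Windows\System32\PowerShell.exe"},
    {"host": "ws-03", "parent": r"C:\Windows\explorer.exe",
     "child": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-04", "parent": r"C:\Apps\DW\Dreamweaver.exe",
     "child": r"C:\Apps\DW\Dreamweaver.exe"},
]

def parse_version(text):
    """'21.10.0.1' -> (21, 10, 0, 1); parsing stops at a non-numeric part."""
    parts = []
    for piece in text.strip().split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)

def is_patched(text):
    """Compare numerically so 21.10 sorts after 21.8; unknown means unpatched."""
    version = parse_version(text)
    return bool(version) and version >= FIXED

def unpatched_hosts(inventory):
    return sorted(h for h, v in inventory.items() if not is_patched(v))

def triage(events, inventory):
    """Flag interpreter launches by the editor; unpatched hosts rank higher."""
    at_risk = set(unpatched_hosts(inventory))
    alerts = []
    for ev in events:
        parent = ntpath.basename(ev["parent"]).lower()
        child = ntpath.basename(ev["child"]).lower()
        if parent == APP_IMAGE and child in INTERPRETERS:
            level = "high" if ev["host"] in at_risk else "review"
            alerts.append((ev["host"], child, level))
    return alerts
```

Comparing versions as integer tuples matters here: a plain string comparison would rank "21.10" below "21.8" and report a patched host as vulnerable.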
Exploitation status
Public Exploit Available: false
Analyst recommendation
While the vulnerability requires user interaction, the impact of arbitrary code execution makes this a critical update. All users and administrators should ensure that Adobe Dreamweaver is updated to the latest version to mitigate this risk effectively.