CVE-2026-47907
Adobe · Dreamweaver Desktop
Adobe Dreamweaver Desktop contains an improper access control vulnerability that allows for arbitrary file system read when opening a malicious file.
Executive summary
An improper access control flaw in Adobe Dreamweaver Desktop allows attackers to perform unauthorized file system reads. Exploitation requires user interaction.
Vulnerability
This vulnerability is an improper access control flaw that could lead to arbitrary file system reads. Exploitation requires user interaction: the victim must open a maliciously crafted file, which then triggers unauthorized access to the local file system.
Business impact
This vulnerability has a CVSS score of 8.2. It could allow attackers to access sensitive local files, including configuration files or credentials stored on the user's machine. Users who unknowingly open malicious projects or files are at high risk of significant information disclosure.
Remediation
Immediate Action: Update Adobe Dreamweaver to version 21.8 or later as specified in security advisory APSB26-62.
Proactive Monitoring: Ensure endpoint detection and response (EDR) tools are configured to monitor for unusual file system access patterns initiated by the Dreamweaver process.
Compensating Controls: Train users to exercise caution when opening files from untrusted sources and maintain updated anti-malware software on all workstations.
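One way to act on the Proactive Monitoring item, as an added example that is not from Adobe or the advisory: triage file-read telemetry for reads by the Dreamweaver process that fall outside the directories it is expected to touch. The event schema, the `Dreamweaver.exe` image name, the allowed roots and the sensitive-directory markers are assumptions, and the sample events are constructed.

```python
import json
import ntpath
from pathlib import PureWindowsPath

# Assumptions, not taken from the advisory: image name, event schema,
# allowed roots and sensitive-directory markers. Tune them per environment.
PROCESS_NAME = "dreamweaver.exe"
ALLOWED_ROOTS = [PureWindowsPath(p) for p in (
    r"C:\Program Files\Adobe",
    r"C:\Users\alice\Sites",
    r"C:\Users\alice\AppData\Roaming\Adobe",
)]
SENSITIVE_MARKERS = {".ssh", ".aws", ".kube", ".gnupg"}

# Constructed sample telemetry, one JSON object per line.
SAMPLE_EVENTS = r"""
{"ts":"T1","image":"C:\\Program Files\\Adobe\\Dreamweaver\\Dreamweaver.exe","op":"read","path":"C:\\Users\\alice\\Sites\\shop\\index.html"}
{"ts":"T2","image":"C:\\Program Files\\Adobe\\Dreamweaver\\Dreamweaver.exe","op":"read","path":"C:\\Users\\alice\\.ssh\\id_rsa"}
{"ts":"T3","image":"C:\\Program Files\\Adobe\\Dreamweaver\\Dreamweaver.exe","op":"read","path":"C:\\Users\\alice\\Sites\\shop\\..\\..\\.aws\\credentials"}
{"ts":"T4","image":"C:\\Windows\\notepad.exe","op":"read","path":"C:\\Users\\alice\\.ssh\\id_rsa"}
{"ts":"T5","image":"C:\\Program Files\\Adobe\\Dreamweaver\\Dreamweaver.exe","op":"read","path":"C:\\Users\\alice\\Documents\\notes.txt"}
"""

def classify(event):
    """Return None, 'outside-roots' or 'sensitive' for one file event."""
    image = PureWindowsPath(event["image"])
    if image.name.lower() != PROCESS_NAME or event["op"] != "read":
        return None
    # Collapse ".." first so a traversal cannot hide under an allowed root.
    path = PureWindowsPath(ntpath.normpath(event["path"]))
    # PureWindowsPath comparisons are case-insensitive, matching NTFS defaults.
    if any(path == root or root in path.parents for root in ALLOWED_ROOTS):
        return None
    parts = {p.lower() for p in path.parts}
    return "sensitive" if parts & SENSITIVE_MARKERS else "outside-roots"

def findings(lines):
    """Parse JSON-lines telemetry and return (ts, verdict, normalized path)."""
    out = []
    for line in lines.splitlines():
        if line.strip():
            ev = json.loads(line)
            verdict = classify(ev)
            if verdict:
                out.append((ev["ts"], verdict, ntpath.normpath(ev["path"])))
    return out

if __name__ == "__main__":
    for ts, verdict, path in findings(SAMPLE_EVENTS):
        print(ts, verdict, path)
```

Reads tagged `outside-roots` are candidates for baselining rather than alerts, since users legitimately open files from many locations.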
Exploitation status
Public Exploit Available: false
Analyst recommendation
All users of Dreamweaver Desktop should upgrade to version 21.8 immediately to remediate this access control flaw. Given that exploitation requires user interaction, security awareness training is a vital secondary defense to prevent users from opening untrusted files.