Multiple vulnerabilities in Adobe Digital Editions
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2017-11274 CVE-2017-11272 CVE-2017-3091 CVE-2017-11275 CVE-2017-11276 CVE-2017-11277 CVE-2017-11278 CVE-2017-11279 CVE-2017-11280 |
| CWE-ID | CWE-119 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Adobe Digital Editions Client/Desktop applications / Multimedia software |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU7701
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-11274
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote unauthenticated attacker can create a specially crafted file trick the victim into opening it and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 4.5.6.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.5
External linkshttp://helpx.adobe.com//security/products/Digital-Editions/apsb17-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU7702
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-11272
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to unknown error. A remote attacker can create a specially crafted file, trick the victim into opening it and gain access to potentially sensitive information.
MitigationUpdate to version 4.5.6.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.5
External linkshttp://helpx.adobe.com//security/products/Digital-Editions/apsb17-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU7703
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3091
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing XML entities. A remote unauthenticated attacker can create a specially crafted file, trick the victim into opening, trugger memory corruption and disclose addresses in memory.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive information.
MitigationUpdate to version 4.5.6.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.5
External linkshttp://helpx.adobe.com//security/products/Digital-Editions/apsb17-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory corruption
EUVDB-ID: #VU7704
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-11275
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing XML entities. A remote unauthenticated attacker can create a specially crafted file, trick the victim into opening, trugger memory corruption and disclose addresses in memory.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive information.
MitigationUpdate to version 4.5.6.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.5
External linkshttp://helpx.adobe.com//security/products/Digital-Editions/apsb17-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Memory corruption
EUVDB-ID: #VU7705
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-11276
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing XML entities. A remote unauthenticated attacker can create a specially crafted file, trick the victim into opening, trugger memory corruption and disclose addresses in memory.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive information.
MitigationUpdate to version 4.5.6.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.5
External linkshttp://helpx.adobe.com//security/products/Digital-Editions/apsb17-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory corruption
EUVDB-ID: #VU7706
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-11277
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing XML entities. A remote unauthenticated attacker can create a specially crafted file, trick the victim into opening, trugger memory corruption and disclose addresses in memory.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive information.
MitigationUpdate to version 4.5.6.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.5
External linkshttp://helpx.adobe.com//security/products/Digital-Editions/apsb17-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory corruption
EUVDB-ID: #VU7707
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-11278
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing XML entities. A remote unauthenticated attacker can create a specially crafted file, trick the victim into opening, trugger memory corruption and disclose addresses in memory.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive information.
MitigationUpdate to version 4.5.6.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.5
External linkshttp://helpx.adobe.com//security/products/Digital-Editions/apsb17-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory corruption
EUVDB-ID: #VU7708
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-11279
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing XML entities. A remote unauthenticated attacker can create a specially crafted file, trick the victim into opening, trugger memory corruption and disclose addresses in memory.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive information.
MitigationUpdate to version 4.5.6.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.5
External linkshttp://helpx.adobe.com//security/products/Digital-Editions/apsb17-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory corruption
EUVDB-ID: #VU7709
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-11280
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing XML entities. A remote unauthenticated attacker can create a specially crafted file, trick the victim into opening, trugger memory corruption and disclose addresses in memory.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive information.
MitigationUpdate to version 4.5.6.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.5
External linkshttp://helpx.adobe.com//security/products/Digital-Editions/apsb17-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
