Multiple vulnerabilities in Adobe Digital Editions
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2018-12816 CVE-2018-12818 CVE-2018-12819 CVE-2018-12820 CVE-2018-12821 CVE-2018-12822 CVE-2018-12813 CVE-2018-12814 CVE-2018-12815 |
| CWE-ID | CWE-125 CWE-416 CWE-122 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Adobe Digital Editions Client/Desktop applications / Multimedia software |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU15222
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12816
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can trigger memory corruption and gain access to arbitrary data.
Update to version 4.5.9.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.8
External linkshttp://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU15223
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12818
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can trigger memory corruption and gain access to arbitrary data.
Update to version 4.5.9.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.8
External linkshttp://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU15224
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12819
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can trigger memory corruption and gain access to arbitrary data.
Update to version 4.5.9.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.8
External linkshttp://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU15225
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12820
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can trigger memory corruption and gain access to arbitrary data.
Update to version 4.5.9.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.8
External linkshttp://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU15226
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12821
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to out-of-bounds read. A remote attacker can trigger memory corruption and gain access to arbitrary data.
Update to version 4.5.9.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.8
External linkshttp://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free error
EUVDB-ID: #VU15227
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12822
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when handling malicious input. A remote unauthenticated attacker can create a specially crafted file trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 4.5.9.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.8
External linkshttp://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Heap-based buffer overflow
EUVDB-ID: #VU15228
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12813
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to heap-based buffer overflow when handling malicious input. A remote unauthenticated attacker can create a specially crafted file trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 4.5.9.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.8
External linkshttp://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Heap-based buffer overflow
EUVDB-ID: #VU15229
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12814
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to heap-based buffer overflow when handling malicious input. A remote unauthenticated attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 4.5.9.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.8
External linkshttp://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Heap-based buffer overflow
EUVDB-ID: #VU13895
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12815
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when handling malicious input. A remote attacker can trick the victim into opening a specially crafted .pdf file, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 4.5.9.
Vulnerable software versionsAdobe Digital Editions : 4.5 - 4.5.8
External linkshttp://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
