Main Vulnerability Database Vulnerabilities #VU5812

Heap-based buffer overflow in Adobe Digital Editions - CVE-2017-2973

Published: February 14, 2017 / Updated: February 14, 2017

Vulnerability identifier: #VU5812

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-2973

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Adobe

Affected software:
Adobe Digital Editions

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Adobe Digital Editions when processing malformed files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

How to mitigate CVE-2017-2973

Update to version 4.5.4.

Sources

https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html

Heap-based buffer overflow in Adobe Digital Editions - CVE-2017-2973

Detailed vulnerability description

How to mitigate CVE-2017-2973

Sources

Please verify you're human