Main Vulnerability Database Vulnerabilities #VU7031

Insecure DLL library loading in Adobe Digital Editions - CVE-2017-3097

Published: June 13, 2017 / Updated: June 13, 2017

Vulnerability identifier: #VU7031

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-3097

CWE-ID: CWE-426

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Adobe

Affected software:
Adobe Digital Editions

Detailed vulnerability description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to insecure inclusion of dynamic libraries (.dll). A remote attacker can place Adobe Digital Editions media file along with a specially crafted .dll file on a public SMB or WebDav share, trick the victim into opening the legitimate media file with the help of Adobe Digital Editions and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

How to mitigate CVE-2017-3097

Update to version 4.5.5.

Sources

https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html

Insecure DLL library loading in Adobe Digital Editions - CVE-2017-3097

Detailed vulnerability description

How to mitigate CVE-2017-3097

Sources

Please verify you're human