Memory corruption in Adobe Digital Editions - CVE-2017-11279
Published: August 8, 2017
Vulnerability identifier: #VU7708
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-11279
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Adobe
Affected software:
Adobe Digital Editions
Adobe Digital Editions
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing XML entities. A remote unauthenticated attacker can create a specially crafted file, trick the victim into opening, trugger memory corruption and disclose addresses in memory.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive information.
How to mitigate CVE-2017-11279
Update to version 4.5.6.