CVE-2017-3092

9.8CRITICAL

Key Information:

Vendor: Adobe
Status: Adobe Digital Editions 4.5.4 And Earlier.
Vendor: CVE Published:; 20 June 2017

Summary

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of editor control library functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.

Affected Version(s)

Adobe Digital Editions 4.5.4 and earlier. Adobe Digital Editions 4.5.4 and earlier.

References

http://www.securityfocus.com/bid/99024

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1038658

vdb-entryx_refsource_SECTRACK

https://helpx.adobe.com/security/products/Digital-Edition...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 20, 2017
Vulnerability Reserved
Dec 2, 2016

.