Adobe Digital Editions Command Execution Vulnerability
CVE-2021-39826

8.6HIGH

Key Information:

Vendor: Adobe
Status: Digital Editions
Vendor: CVE Published:; 27 September 2021

Summary

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file.

Affected Version(s)

Digital Editions <= 4.5.11.187646

Digital Editions <= unspecified

References

https://helpx.adobe.com/security/products/Digital-Edition...

x_refsource_MISC

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 27, 2021
Vulnerability Reserved
Aug 23, 2021