Adobe Digital Editions < 4.5.3 Multiple Information Disclosure Vulnerabilities (APSB16-45) (macOS)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote macOS or Mac OS X host is affected by multiple information
disclosure vulnerabilities.

Description :

The version of Adobe Digital Editions installed on the remote macOS or
Mac OS X host is prior to 4.5.3. It is, therefore, affected by
multiple information disclosure vulnerabilities :

- An information disclosure vulnerability exists that
allows an unauthenticated, remote attacker to disclose
memory address information. (CVE-2016-7888)

- An information disclosure vulnerability exists due to an
XML external entity (XXE) injection flaw caused by
an incorrectly configured XML parser accepting XML
external entities from an untrusted source. An
unauthenticated, remote attacker can exploit this, via
specially crafted XML data, to disclose arbitrary files
on the host. (CVE-2016-7889)

See also :

http://www.nessus.org/u?464de650
http://www.nessus.org/u?c3aa2f29

Solution :

Upgrade to Adobe Digital Editions version 4.5.3 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 95889

Bugtraq ID: 94879, 94880

CVE ID: CVE-2016-7888, CVE-2016-7889
