Adobe Digital Editions < 4.5.5 Multiple Vulnerabilities (APSB17-20)
Critical Nessus Plugin ID 100792
SynopsisAn application installed on the remote Windows host is affected by multiple vulnerabilities.
DescriptionThe version of Adobe Digital Editions installed on the remote Windows host is prior to 4.5.5. It is, therefore, affected by multiple vulnerabilities :
- Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code.
(CVE-2017-3088, CVE-2017-3089, CVE-2017-3093, CVE-2017-3096)
- Multiple unspecified flaws exist related to insecure loading of libraries. A local attacker can exploit these to gain elevated privileges. (CVE-2017-3090, CVE-2017-3092, CVE-2017-3097)
- Multiple stack-based buffer overflow conditions exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to disclose memory contents. (CVE-2017-3094, CVE-2017-3095)
SolutionUpgrade to Adobe Digital Editions version 4.5.5 or later.