Adobe Digital Editions < 4.5.6 Multiple Vulnerabilities (APSB17-27)
Critical Nessus Plugin ID 102324
SynopsisAn application installed on the remote Windows host is affected by multiple vulnerabilities.
DescriptionThe version of Adobe Digital Editions installed on the remote Windows host is prior to 4.5.6. It is, therefore, affected by multiple vulnerabilities :
- An XML external entity (XXE) parsing flaw exists that can lead to information disclosure. (CVE-2017-11272)
- An unspecified buffer overflow vulnerability may result in the execution of arbitrary code. (CVE-2017-11274)
- Multiple unspecified memory corruption flaws exist that can cause a memory address disclosure. (CVE-2017-3091, CVE-2017-11275, CVE-2017-11276, CVE-2017-11277, CVE-2017-11278, CVE-2017-11279, CVE-2017-11280)
SolutionUpgrade to Adobe Digital Editions version 4.5.6 or later.