Adobe Digital Editions < 4.5.3 Multiple Information Disclosure Vulnerabilities (APSB16-45) (macOS)
Medium Nessus Plugin ID 95889
SynopsisThe remote macOS or Mac OS X host is affected by multiple information disclosure vulnerabilities.
DescriptionThe version of Adobe Digital Editions installed on the remote macOS or Mac OS X host is prior to 4.5.3. It is, therefore, affected by multiple information disclosure vulnerabilities :
- An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to disclose memory address information. (CVE-2016-7888)
- An information disclose vulnerability exists due to an XML external entity (XXE) injection flaw caused by an incorrectly configured XML parser accepting XML external entities from an untrusted source. An unauthenticated, remote attacker can exploit this, via specially crafted XML data, to disclose arbitrary files on the host. (CVE-2016-7889)
SolutionUpgrade to Adobe Digital Editions version 4.5.3 or later.