Bulletin ID
Last updated on
16 May 2021
|
Also applies to Digital Editions
Security updates available for Adobe Digital Editions | APSB17-39
|
|
Date Published |
Priority |
|---|---|---|
|
APSB17-39 |
November 14, 2017 |
3 |
Summary
Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS, and Android. This update addresses an XML external entity processing vulnerability rated critical that could lead to information disclosure, out-of-bounds read vulnerabilities that could lead to the disclosure of memory addresses and a memory corruption vulnerability that could lead to the disclosure of memory addresses.
Affected product versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe Digital Editions |
4.5.6 and earlier versions |
Windows, Macintosh, iOS and Android |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
| Product | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Digital Editions | 4.5.7 | Windows | 3 | Download Page |
| Macintosh | 3 | Download Page | ||
| iOS | 3 | iTunes | ||
| Android | 3 | Playstore |
Note:
- Customers using Adobe Digital Editions 4.5.6 can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted.
- For more information, please reference the release notes.
Vulnerability details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
|---|---|---|---|
|
Unsafe parsing of XML External Entities |
Information Disclosure |
Critical |
CVE-2017-11273 |
|
Out-of-bounds read |
Memory address disclosure |
Important |
CVE-2017-11297 |
|
Out-of-bounds read |
Memory address disclosure |
Important |
CVE-2017-11298 |
|
Out-of-bounds read |
Memory address disclosure |
Important |
CVE-2017-11299 |
|
Out-of-bounds read |
Memory address disclosure |
Important |
CVE-2017-11300 |
|
Memory Corruption |
Memory address disclosure |
Important |
CVE-2017-11301 |
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Steven Seeley of Source Incite (CVE-2017-11273)
- Jaanus Kääp, Clarified Security (CVE-2017-11297, CVE-2017-11298, CVE-2017-11299, CVE-2017-11300)
- Riusksk of Tencent Security Platform Department (CVE-2017-11301)
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online