본문 바로가기
취약점 정보2

Security update available for Adobe Digital Editions

Ryansecurity 2017. 2. 15. 08:20
728x90

Release date: February 14, 2017

Vulnerability identifier: APSB17-05

Priority: 3

CVE numbers: CVE-2017-2973, CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2977, CVE-2017-2978, CVE-2017-2979, CVE-2017-2980, CVE-2017-2981    

Platform: Windows, Macintosh and Android

Summary

Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh and Android. This update resolves a critical heap buffer overflow vulnerability that could lead to code execution and important buffer overflow vulnerabilities that could lead to a memory leak.

Affected versions

ProductAffected versionPlatform
Adobe Digital Editions4.5.3 and earlier versionsWindows, Macintosh and Android

Solution

Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version:

ProductUpdated versionPlatformPriority ratingAvailability
  Windows
3Download Page
Adobe Digital Editions4.5.4Macintosh3Download Page
  Android3Playstore

Customers using Adobe Digital Editions 4.5.3 can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted.

For more information, please reference the release notes.

Vulnerability Details

  • This update resolves a vulnerability that could lead to a heap buffer overflow vulnerability that could lead to code execution (CVE-2017-2973). 
  • This update resolve buffer overflow vulnerabilities that could lead to a memory leak (CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2978, CVE-2017-2977, CVE-2017-2979, CVE-2017-2980, CVE-2017-2981).

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative (CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2977, CVE-2017-2978, CVE-2017-2979, CVE-2017-2981). 
  • Steven Seeley of Source Incite (CVE-2017-2980).
  • Ke Liu of Tencent's Xuanwu LAB (CVE-2017-2973).


728x90
저작자표시 비영리 변경금지

'취약점 정보2' 카테고리의 다른 글

Adobe 제품군 보안 업데이트 권고  (0) 2017.02.15
Security update available for Adobe Campaign  (0) 2017.02.15
어도비 플래쉬 플레이어 업데이트 안내  (0) 2017.02.15
GarageBand 10.1.6 update  (0) 2017.02.15
lg모바일 2월 정기 업데이트 내역  (0) 2017.02.13

'취약점 정보2' Related Articles

티스토리툴바