
Security update available for Adobe Digital Editions


Release date: February 14, 2017

Vulnerability identifier: APSB17-05

Priority: 3

CVE numbers: CVE-2017-2973, CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2977, CVE-2017-2978, CVE-2017-2979, CVE-2017-2980, CVE-2017-2981    

Platform: Windows, Macintosh and Android

Summary

Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh and Android. This update resolves a critical heap buffer overflow vulnerability that could lead to code execution and important buffer overflow vulnerabilities that could lead to a memory leak.

Affected versions

| Product | Affected version | Platform |
|---|---|---|
| Adobe Digital Editions | 4.5.3 and earlier versions | Windows, Macintosh and Android |

Solution

Adobe categorizes this update with the following priority ratings and recommends users update their installation to the newest version:

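| Product | Updated version | Platform | Priority rating | Availability |
|---|---|---|---|---|
| Adobe Digital Editions | 4.5.4 | Windows | 3 | Download Page |
| Adobe Digital Editions | 4.5.4 | Macintosh | 3 | Download Page |
| Adobe Digital Editions | 4.5.4 | Android | 3 | Playstore |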

Customers using Adobe Digital Editions 4.5.3 can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted.

For more information, please reference the release notes.

Vulnerability Details

  • This update resolves a heap buffer overflow vulnerability that could lead to code execution (CVE-2017-2973).
  • This update resolves buffer overflow vulnerabilities that could lead to a memory leak (CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2978, CVE-2017-2977, CVE-2017-2979, CVE-2017-2980, CVE-2017-2981).

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative (CVE-2017-2974, CVE-2017-2975, CVE-2017-2976, CVE-2017-2977, CVE-2017-2978, CVE-2017-2979, CVE-2017-2981). 
  • Steven Seeley of Source Incite (CVE-2017-2980).
  • Ke Liu of Tencent's Xuanwu LAB (CVE-2017-2973).

