ID CVE-2017-11274
Summary Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
References
Vulnerable Configurations
  • Adobe Digital Editions 4.5.5
    cpe:2.3:a:adobe:digital_editions:4.5.5
CVSS
Base: 10.0
Impact:
Exploitability:
CWE CWE-416
CAPEC
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_ADOBE_DIGITAL_EDITIONS_APSB17-27.NASL
    description The version of Adobe Digital Editions installed on the remote macOS or Mac OS X host is prior to 4.5.6. It is, therefore, affected by multiple vulnerabilities : - An XML external entity (XXE) parsing flaw exists that can lead to information disclosure. (CVE-2017-11272) - An unspecified buffer overflow vulnerability may result in the execution of arbitrary code. (CVE-2017-11274) - Multiple unspecified memory corruption flaws exist that can cause a memory address disclosure. (CVE-2017-3091, CVE-2017-11275, CVE-2017-11276, CVE-2017-11277, CVE-2017-11278, CVE-2017-11279, CVE-2017-11280)
    last seen 2017-11-17
    modified 2017-11-16
    plugin id 102325
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102325
    title Adobe Digital Editions < 4.5.6 Multiple Vulnerabilities (APSB17-27) (macOS)
  • NASL family Windows
    NASL id ADOBE_DIGITAL_EDITIONS_APSB17-27.NASL
    description The version of Adobe Digital Editions installed on the remote Windows host is prior to 4.5.6. It is, therefore, affected by multiple vulnerabilities : - An XML external entity (XXE) parsing flaw exists that can lead to information disclosure. (CVE-2017-11272) - An unspecified buffer overflow vulnerability may result in the execution of arbitrary code. (CVE-2017-11274) - Multiple unspecified memory corruption flaws exist that can cause a memory address disclosure. (CVE-2017-3091, CVE-2017-11275, CVE-2017-11276, CVE-2017-11277, CVE-2017-11278, CVE-2017-11279, CVE-2017-11280)
    last seen 2018-07-01
    modified 2018-06-29
    plugin id 102324
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102324
    title Adobe Digital Editions < 4.5.6 Multiple Vulnerabilities (APSB17-27)
refmap via4
bid 100194
confirm https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html
sectrack 1039100
Last major update 11-08-2017 - 15:29
Published 11-08-2017 - 15:29
Last modified 16-08-2017 - 09:47
Back to Top