cnvd - cnvd-2021-79750

cnvd-2021-79750

Vulnerability from cnvd

Title: Adobe Digital Editions任意文件系统写入漏洞

Description:

Adobe Digital Editions软件提供一种引人入胜的方式帮助您查看和管理eBooks和其它数字出版物。

Adobe Digital Editions 4.5.11.187646及更早版本存在任意文件系统写入漏洞。该漏洞源于在权限不正确的目录中创建临时文件。攻击者可利用该漏洞写入任意文件系统。

Severity: 中

Patch Name: Adobe Digital Editions任意文件系统写入漏洞的补丁

Patch Description:

Adobe Digital Editions软件提供一种引人入胜的方式帮助您查看和管理eBooks和其它数字出版物。

Adobe Digital Editions 4.5.11.187646及更早版本存在任意文件系统写入漏洞。该漏洞源于在权限不正确的目录中创建临时文件。攻击者可利用该漏洞写入任意文件系统。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html

Reference: https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html

Impacted products

Name
Adobe Adobe Digital Editions <=4.5.11.187646

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-39827",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-39827"
    }
  },
  "description": "Adobe Digital Editions\u8f6f\u4ef6\u63d0\u4f9b\u4e00\u79cd\u5f15\u4eba\u5165\u80dc\u7684\u65b9\u5f0f\u5e2e\u52a9\u60a8\u67e5\u770b\u548c\u7ba1\u7406eBooks\u548c\u5176\u5b83\u6570\u5b57\u51fa\u7248\u7269\u3002\n\nAdobe Digital Editions 4.5.11.187646\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u7cfb\u7edf\u5199\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u6743\u9650\u4e0d\u6b63\u786e\u7684\u76ee\u5f55\u4e2d\u521b\u5efa\u4e34\u65f6\u6587\u4ef6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5199\u5165\u4efb\u610f\u6587\u4ef6\u7cfb\u7edf\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-79750",
  "openTime": "2021-10-25",
  "patchDescription": "Adobe Digital Editions\u8f6f\u4ef6\u63d0\u4f9b\u4e00\u79cd\u5f15\u4eba\u5165\u80dc\u7684\u65b9\u5f0f\u5e2e\u52a9\u60a8\u67e5\u770b\u548c\u7ba1\u7406eBooks\u548c\u5176\u5b83\u6570\u5b57\u51fa\u7248\u7269\u3002\r\n\r\nAdobe Digital Editions 4.5.11.187646\u53ca\u66f4\u65e9\u7248\u672c\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u7cfb\u7edf\u5199\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u6743\u9650\u4e0d\u6b63\u786e\u7684\u76ee\u5f55\u4e2d\u521b\u5efa\u4e34\u65f6\u6587\u4ef6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5199\u5165\u4efb\u610f\u6587\u4ef6\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Digital Editions\u4efb\u610f\u6587\u4ef6\u7cfb\u7edf\u5199\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Adobe Adobe Digital Editions \u003c=4.5.11.187646"
  },
  "referenceLink": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html",
  "serverity": "\u4e2d",
  "submitTime": "2021-09-15",
  "title": "Adobe Digital Editions\u4efb\u610f\u6587\u4ef6\u7cfb\u7edf\u5199\u5165\u6f0f\u6d1e"
}

CVE-2021-39827 (GCVE-0-2021-39827)

Vulnerability from cvelistv5

Published

2021-09-27 15:42

Modified

2024-09-17 02:47

Severity ?

6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions ()

Summary

Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability.

References

▼	URL	Tags
	https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Adobe	Digital Editions	Version: unspecified < Version: unspecified <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:20:33.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Digital Editions",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "4.5.11.187646",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "None",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-379",
              "description": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-27T15:42:59",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Digital Editions Installer flaw leads to Arbitrary File System Write",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "DATE_PUBLIC": "2021-09-14T23:00:00.000Z",
          "ID": "CVE-2021-39827",
          "STATE": "PUBLIC",
          "TITLE": "Adobe Digital Editions Installer flaw leads to Arbitrary File System Write"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Digital Editions",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "4.5.11.187646"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "None"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "None"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Adobe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html",
              "refsource": "MISC",
              "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2021-39827",
    "datePublished": "2021-09-27T15:42:59.801934Z",
    "dateReserved": "2021-08-23T00:00:00",
    "dateUpdated": "2024-09-17T02:47:12.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted