CVE-2017-11273
MEDIUMAdobe Digital Editions <= 4.5.6 - Sensitive Information Exposure via XML Parsing
Title source: llmDescription
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101839
Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039798
Scores
CVSS v3
5.5
EPSS
0.0438
EPSS Percentile
90.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
adobe/digital_editions
< 4.5.6
n/a/Adobe Digital Editions 4.5.6 and earlier versions
Adobe Digital Editions 4.5.6 and earlier versions
Published
Dec 09, 2017
Tracked Since
Feb 18, 2026