CVE-2017-11273

MEDIUM

Adobe Digital Editions <= 4.5.6 - Sensitive Information Exposure via XML Parsing

Title source: llm
STIX 2.1

Description

An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101839
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039798

Scores

CVSS v3 5.5
EPSS 0.0438
EPSS Percentile 90.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
adobe/digital_editions < 4.5.6
n/a/Adobe Digital Editions 4.5.6 and earlier versions Adobe Digital Editions 4.5.6 and earlier versions
Published Dec 09, 2017
Tracked Since Feb 18, 2026