CVE-2017-3090

CRITICAL

Adobe Digital Editions < 4.5.4 - Uncontrolled Search Path

Title source: rule

Description

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of browser related library extensions in the installer plugin. A successful exploitation could lead to arbitrary code execution.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99024

[Vendor Advisory] https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038658

Scores

CVSS v3 9.8

EPSS 0.0691

EPSS Percentile 91.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Affected Products (1)

adobe/digital_editions < 4.5.4

Timeline

Published Jun 20, 2017

Tracked Since Feb 18, 2026