CVE-2017-3097

CRITICAL

Adobe Digital Editions < 4.5.4 - Uncontrolled Search Path

Title source: rule

Description

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.

References (3)

[Vendor Advisory] https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99024

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038658

Scores

CVSS v3 9.8

EPSS 0.0691

EPSS Percentile 91.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Affected Products (1)

adobe/digital_editions < 4.5.4

Timeline

Published Jun 20, 2017

Tracked Since Feb 18, 2026