Vulners
Lucene search
Adobe Digital Editions 4.5.0 - '.pdf' Critical Memory Corruption
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Adobe Digital Editions 4.5.0 - '.pdf' Critical Memory Corruption | 9 Mar 201600:00 | – | zdt |
 | Adobe Digital Editions < 4.5.1 RCE (APSB16-06) | 9 Mar 201600:00 | – | nessus |
| Adobe Digital Editions < 4.5.1 RCE (APSB16-06) (Mac OS X) | 9 Mar 201600:00 | – | nessus |
| Adobe Digital Editions < 4.5.1 (APSB16-06) (macOS) | 21 Oct 202400:00 | – | nessus |
 | APSB16-06 Security update available for Adobe Digital Editions | 8 Mar 201600:00 | – | adobe |
 | CVE-2016-0954 | 9 Mar 201600:00 | – | circl |
 | Adobe Digital Editions Denial of Service Vulnerability | 10 Mar 201600:00 | – | cnvd |
 | CVE-2016-0954 | 9 Mar 201611:00 | – | cve |
 | CVE-2016-0954 | 9 Mar 201611:00 | – | cvelist |
 | Adobe Digital Editions 4.5.0 - .pdf Critical Memory Corruption | 9 Mar 201600:00 | – | exploitpack |
10
########################################################################################
# Title: Adobe Digital Editions <= 4.5.0 - Critical memory corruption
# Application: Adobe Digital Editions
# Version: 4.5.0 and earlier versions
# Platform: Windows, Macintosh, iOS and Android
# Software Link: http://www.adobe.com/solutions/ebook/digital-editions.html
# Date: March 8, 2016
# CVE: CVE-2016-0954
# Author: Pier-Luc Maltais from COSIG
# Contact: https://twitter.com/COSIG_
# Personal contact: https://twitter.com/plmaltais
########################################################################################
===================
Introduction:
===================
Adobe® Digital Editions software offers an engaging way to view and manage eBooks and
other digital publications. Use it to download and purchase digital content, which can
be read both online and offline. Transfer copy-protected eBooks from your personal
computer to other computers or devices. Organize your eBooks into a custom library and
annotate pages. Digital Editions also supports industry-standard eBook formats,
including PDF/A and EPUB. (http://www.adobe.com/ca_fr/products/digital-editions.html)
########################################################################################
===================
Report Timeline:
===================
2015-10-24: Pier-Luc Maltais from COSIG found the issue and report it to Adobe PSIRT.
2016-03-08: Vendor fixed the issue (APSB16-06).
2016-03-08: Release of this advisory.
########################################################################################
===================
Technical details:
===================
A critical memory corruption occurs when Adobe Digital Editions handle a specially
crafted ExtGstate object, which could lead to remote code execution.
########################################################################################
==========
POC:
==========
https://plmsecurity.net/sites/plmsecurity.net/files/APSB16-06_PoC.pdf
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39533.zip
########################################################################################Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Mar 2016 00:00Current
9.4High risk
Vulners AI Score9.4
CVSS 39.8
CVSS 210
EPSS0.3366