Lucene search
Steven Seeley of Source InciteZDI-17-642HistoryAug 09, 2017 - 12:00 a.m.
Adobe Digital Editions ePub Font Parsing Use-After-Free Remote Code Execution Vulnerability
2017-08-0900:00:00
Steven Seeley of Source Incite
www.zerodayinitiative.com
19
0.012 Low
EPSS
Percentile
85.1%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of fonts in ePub files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.
Related
cvelist
cvelist
CVE-2017-11274
2017-08-08 00:00:00
nvd
nvd
CVE-2017-11274
2017-08-11 19:29:01
cve
cve
CVE-2017-11274
2017-08-11 19:29:01
prion
prion
Double free
2017-08-11 19:29:00
openvas
openvas
Adobe Digital Editions Multiple Vulnerabilities (Aug 2017) - Mac OS X
2017-08-10 00:00:00
Adobe Digital Editions Multiple Vulnerabilities (Aug 2017) - Windows
2017-08-10 00:00:00
nessus
nessus
Adobe Digital Editions < 4.5.6 Multiple Vulnerabilities (APSB17-27) (macOS)
2017-08-09 00:00:00
Adobe Digital Editions < 4.5.6 Multiple Vulnerabilities (APSB17-27)
2017-08-09 00:00:00
adobe
adobe
APSB17-27 Security update available for Adobe Digital Editions
2017-08-08 00:00:00