Digital Editions
CVE-2017-11300
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
AnalysisAI
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. Affected products include: Adobe Digital Editions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
More in Digital Editions
View allAdobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corr
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Rated critical severi
Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. Rated critical seve
Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing
Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspe
Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspe
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character c
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today