CVE-2017-3090

Опубликовано: 20 июн. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of browser related library extensions in the installer plugin. A successful exploitation could lead to arbitrary code execution.

Ссылки

http://www.securityfocus.com/bid/99024
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038658
https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html
Vendor Advisory
http://www.securityfocus.com/bid/99024
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038658
https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*

Версия до 4.5.4 (включая)

EPSS

Процентиль: 92%

0.08832

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-hfjx-4437-923g