Vulnerabilities > CVE-2019-7095 - Out-of-bounds Write vulnerability in Adobe Digital Editions

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

adobe

microsoft

CWE-787

critical

nessus

NVD

Published: 2019-05-24

Updated: 2020-08-24

Summary

Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Digital Editions - Adobe Digital Editions 2.0.0 Adobe Digital Editions 2.0.1 Adobe Digital Editions 4.0.0 Adobe Digital Editions 4.0.1 Adobe Digital Editions 4.0.2 Adobe Digital Editions 4.0.3 Adobe Digital Editions 4.5.0 Adobe Digital Editions 4.5.1 Adobe Digital Editions 4.5.2 Adobe Digital Editions 4.5.3 Adobe Digital Editions 4.5.4 Adobe Digital Editions 4.5.5 Adobe Digital Editions 4.5.6 Adobe Digital Editions 4.5.7 Adobe Digital Editions 4.5.8 Adobe Digital Editions 4.5.9 Adobe Digital Editions 4.5.10 Adobe Digital Editions 4.5.10.185749	21
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	Windows
NASL id	ADOBE_DIGITAL_EDITIONS_APSB19-16.NASL
description	The version of Adobe Digital Editions installed on the remote Windows host is prior to 4.5.10.186048. It is, therefore, affected by a buffer overflow vulnerability that can be exploited to execute arbitrary code the context of the current user.
last seen	2020-06-01
modified	2020-06-02
plugin id	122815
published	2019-03-13
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122815
title	Adobe Digital Editions < 4.5.10.186048 Heap Overflow Vulnerability (APSB19-16)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(122815); script_version("1.4"); script_cvs_date("Date: 2020/02/14"); script_cve_id("CVE-2019-7095"); script_name(english:"Adobe Digital Editions < 4.5.10.186048 Heap Overflow Vulnerability (APSB19-16)"); script_summary(english:"Checks the version of Adobe Digital Editions."); script_set_attribute(attribute:"synopsis", value: "An application installed on the remote Windows host is affected by a buffer overflow vulnerability."); script_set_attribute(attribute:"description", value: "The version of Adobe Digital Editions installed on the remote Windows host is prior to 4.5.10.186048. It is, therefore, affected by a buffer overflow vulnerability that can be exploited to execute arbitrary code the context of the current user."); # https://helpx.adobe.com/security/products/Digital-Editions/apsb19-16.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?88a70056"); # http://www.adobe.com/solutions/ebook/digital-editions/release-notes.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c3aa2f29"); script_set_attribute(attribute:"solution", value: "Upgrade to Adobe Digital Editions version 4.5.10.186048 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7095"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/12"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:digital_editions"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies('adobe_digital_editions_installed.nbin'); script_require_keys("installed_sw/Adobe Digital Editions", "SMB/Registry/Enumerated"); exit(0); } include("vcf.inc"); get_kb_item_or_exit("SMB/Registry/Enumerated"); app_info = vcf::get_app_info(app:"Adobe Digital Editions", win_local:TRUE); constraints = [ { "fixed_version" : "4.5.10.186048" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

The Hacker News

id	THN:272CD36DF7E9AC343218C7FE2EF29FAD
last seen	2019-03-12
modified	2019-03-12
published	2019-03-12
reporter	The Hacker News
source	https://thehackernews.com/2019/03/adobe-software-updates.html
title	Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition

References

https://helpx.adobe.com/security/products/Digital-Editions/apsb19-16.html