CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21582 – ZDI-CAN-18255: Adobe Digital Editions PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21582
Adobe Digital Editions version 4.5.11.187303 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. • https://helpx.adobe.com/security/products/Digital-Editions/apsb23-04.html • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39828 – Adobe Digital Editions Installer flaw leads to Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-39828
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability. Adobe Digital Editions versiones 4.5.11.187646 (y anteriores), están afectadas por una vulnerabilidad de escalada de privilegios en el instalador de Digital Editions. Un atacante autenticado podría aprovechar esta vulnerabilidad para escalar privilegios. • https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39827 – Adobe Digital Editions Installer flaw leads to Arbitrary File System Write
https://notcve.org/view.php?id=CVE-2021-39827
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability. Adobe Digital Editions versiones 4.5.11.187646 (y anteriores), están afectadas por una vulnerabilidad de escritura de archivos arbitraria en el instalador de Digital Editions. Un atacante autenticado podría aprovechar esta vulnerabilidad para escribir un archivo arbitrario en el sistema. • https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-39826 – Adobe Digital Editions Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-39826
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file. Adobe Digital Editions versiones 4.5.11.187646 (y anteriores), están afectadas por una vulnerabilidad de ejecución de comandos arbitrarios. Un atacante autenticado podría aprovechar esta vulnerabilidad para ejecutar comandos arbitrarios. • https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21100 – Adobe Digital Editions Arbitrary file system write vulnerability
https://notcve.org/view.php?id=CVE-2021-21100
Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary file system write in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Adobe Digital Editions versión 4.5.11.187245 (y anteriores) está afectada por una vulnerabilidad de escalada de privilegios durante la instalación. Un atacante no autenticado podría aprovechar esta vulnerabilidad para lograr una escritura arbitraria del sistema de archivos en el contexto del usuario actual. • https://helpx.adobe.com/security/products/Digital-Editions/apsb21-26.html • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •