Main Vulnerability Database SB2016121308

SB2016121308 - Two vulnerabilities in Adobe Digital Editions

Published: December 13, 2016

Security Bulletin ID SB2016121308

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2016-7889)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to unknown error when parsing specially crafted XML entities. A remote attacker can create a specially crafted XML file and obtain potentially sensitive information

Successful exploitation of the vulnerability may result information disclosure.

2) Memory leak (CVE-ID: CVE-2016-7888)

The vulnerability allows a remote attacker to obtain potentially sensitive information and cause denial of service.

The vulnerability exists due to unknown error. A remote attacker can cause memory address leak.

Successful exploitation of the vulnerability may result information disclosure and DoS attack.

Remediation

Install update from vendor's website.

References

https://helpx.adobe.com/security/products/Digital-Editions/apsb16-45.html