Headline
CVE-2023-21582: Adobe Security Bulletin
Adobe Digital Editions version 4.5.11.187303 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Security Updates Available for Adobe Digital Editions | APSB23-04
| Bulletin ID | Date Published | Priority |
| --- | --- | --- |
| APSB23-04 | April 11, 2023 | 3 |
Summary
Adobe has released a security update for Adobe Digital Editions. This update resolves one critical vulnerability that could result in arbitrary code execution.
Affected product versions
| Product | Version | Platform |
| --- | --- | --- |
| Adobe Digital Editions | 4.5.11.187303 and earlier versions | Windows |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
| Product | Version | Platform | Priority | Availability |
| --- | --- | --- | --- | --- |
| Adobe Digital Editions | 4.5.11.187658 | Windows | 3 | Download Page |
- Customers can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted.
Vulnerability details
| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
| --- | --- | --- | --- | --- | --- |
| Out-of-bounds Write (CWE-787) | Arbitrary code execution | Critical | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | CVE-2023-21582 |
Acknowledgments
Adobe would like to thank the following security researchers for reporting these issues and for working with Adobe to help protect our customers.
- Michael DePlante (@izobashi) with Trend Micro Zero Day Initiative - CVE-2023-21582
For more information, visit https://helpx.adobe.com/security.html, or email [email protected]