Fortinet Discovers Adobe Digital Editions Memory Corruption Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in Adobe Digital Editions.
Adobe Digital Editions (abbreviated ADE) is an ebook reader software program from Adobe Systems. Most major publishers use ADE to proof-read their books.
A memory corruption vulnerability has been discovered in ADE. The vulnerability is caused by improperly parsing specially crafted .epub file. The vulnerability can be triggered by opening a .epub file with a crafted embedded file. It could allow malicious users to create code execution scenarios.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:Adobe.Digital.Editions.Memory.Corruption
Released Jul 04, 2016
Users should apply the solution provided by Adobe.
Additional Information
Fortinet reported the vulnerability to Adobe on May 27, 2016.
Adobe confirmed the vulnerability on June 23, 2016.
Adobe patched the vulnerability on June 13, 2017.