Fortinet Discovers Adobe Digital Editions Memory Corruption Vulnerability
Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in Adobe Digital Editions.
Adobe Digital Editions (abbreviated ADE) is an ebook reader software program from Adobe Systems. Most major publishers use ADE to proof-read their books.
A memory corruption vulnerability has been discovered in ADE. The vulnerability is caused by improperly parsing specially crafted .epub file. The vulnerability can be triggered by opening a .epub file with a crafted embedded file. It could allow malicious users to create code execution scenarios.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Jul 04, 2016
Users should apply the solution provided by Adobe.
Fortinet reported the vulnerability to Adobe on May 27, 2016.
Adobe confirmed the vulnerability on June 23, 2016.
Adobe patched the vulnerability on June 13, 2017.
This vulnerability was discovered by Honggang Ren of Fortinet's FortiGuard Labs.