Adobe Digital Editions Memory Corruption Vulnerability (CVE-2014-0494)

Release date:
Updated on:

Affected Systems:
Adobe Digital Editions 2.0.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65091
CVE (CAN) ID: CVE-2014-0494

Adobe Digital Editions is A software for reading and managing e-books and other Digital publications. It supports industrial standard e-books, such as PDF/A and EPUB.

Adobe Digital Editions 2.0.1 and other versions have the memory corruption vulnerability of unknown details. Attackers can trick users into viewing webpages containing specially crafted eBooks and other Digital publications, attackers can exploit this vulnerability to execute arbitrary code on the target system or cause denial of service (DoS) attacks.

<* Source: Mario Gomes

Link: http://secunia.com/advisories/56578/
Http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Adobe
-----
Adobe has released a Security Bulletin (apsb14-03) and patches for this:
Apsb14-03: Security update available for Adobe Digital Editions
Link: http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html

Patch download: http://www.adobe.com/products/digital-editions/download.html