Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.1041
Security update for Adobe Digital Editions
1 August 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Adobe Digital Editions
Publisher: Adobe
Operating System: Windows
OS X
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2013-1377
Original Bulletin:
http://www.adobe.com/support/security/bulletins/apsb13-20.html
- --------------------------BEGIN INCLUDED TEXT--------------------
Security update for Adobe Digital Editions
Release date: July 30, 2013
Vulnerability identifier: APSB13-20
Priority: See table below
CVE number: CVE-2013-1377
Platform: Windows and Macintosh
Summary
Adobe has released a security update for Adobe Digital Editions for Windows and
Macintosh. This update addresses a vulnerability in the software that could
cause the application to crash and potentially allow an attacker to take
control of the affected system.
Adobe recommends users update their product installation using the instructions
provided in the solution section below.
Affected software versions
Adobe Digital Editions version 2.0.0 for Windows and Macintosh.
Solution
Adobe recommends users update their product by downloading the installer from
http://www.adobe.com/products/digital-editions/download.html and following the
instructions provided in the installation dialogue.
Priority and severity ratings
Adobe categorizes this update with the following priority rating and recommends
users update their installation to the newest version:
Product Updated version Platform Priority rating
Adobe Digital Editions 2.0.1 Windows and 3
Macintosh
This update addresses a critical vulnerability in the software.
Details
Adobe has released a security update for Adobe Digital Editions for Windows
and Macintosh. This update addresses a vulnerability in the software that
could cause the application to crash and potentially allow an attacker to take
control of the affected system. Adobe recommends users update their product
installation using the instructions provided in the solution section above.
This update resolves a memory corruption vulnerability that could lead to code
execution (CVE-2013-1377).
Acknowledgments
Adobe would like to thank Kaveh Ghaemmaghami (coolkaveh) via Secunia SVCRP for
reporting this issue and for working with Adobe to help protect our customers.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUfnFSBLndAQH1ShLAQI5yxAAicm4A6tbjgQrO/w559ys5jdqm3gFaLie
ghcjNuqTKDc/ti2OBZMORgeZF/lbGDRMQmlw/lWeBO4gEkwGxh6ZnnCrejgAG0Zx
Mje1jFoi7eJa+czDzxm/ImdTvLJ9QO9tyY1WW1RxtTYsQQanfZ4rmResk5PO+INl
RB+3Xz2iWbS47RvJ++EK6J0bAH2SIpdn1JHWqU4vFeF63zrKU0tr+nI22T9Yk4Qa
N9JnYltce0O33RGCBe0WK6Oy9PWDlxk8P5/9qfvv1csE0rsiYYWCK5jGyLpHsZjU
bCEx2KwJVtziQZaTl9EQX1Z/nXY3Tqdyda0RS75/f5z6ggH8ywYZuf5qGiSCr9Tu
D0lNeZX75QY7JL8NKPP9l8vraWeIeeiHDg59hO5yPi/RrgzZeHv1M7b8ymewjV9s
tcy7Qtf1xlm6PcefFkSW6IrKysrM7sxYeTL/gRkGk5LnZhZl5p+E8jScAzr8FULE
z2qeVXPRW6syLDocleMlD0hqdawcfXR0YVDI4Lnu5LYe24foqFuWz1oPXGd9/imv
xvV1RnI5j9pAXtrn/otSYAYQwmVuxWC4zTW1MlssiRk6sFQeLrsfOraAIWEVCz14
FP0FiZIFLNbm39V67V6HFF+42wHFZQ7rejqc45Qaj6Xr0WA4LdSvY9TWk8b2EKSM
y8nQDGTc52M=
=HMwk
-----END PGP SIGNATURE-----