Adobe Digital Edition Information Disclosure Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Adobe Digital Edition and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow attackers to gain access to potentially sensitive information when sniffing the network. Impact Level: Application.

Solution

Upgrade to Adobe Digital Edition version 4.0.1 or later. For updates refer to http://www.adobe.com/products/digital-editions/download.html

Insight

The flaw exists as sensitive data is insecurely transmitted to adelogs.adobe.com without any encryption.

Affected

Adobe Digital Edition version 4.0 on Windows.

Detection

Get the installed version of Adobe Digital Edition with the help of detect NVT and check the version is vulnerable or not.

References

http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text
http://osvdb.com/113008
http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-8068

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

aMSN session hijack vulnerability (Windows)
Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)
Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
Apache Tomcat servlet/JSP container default files
Apache Traffic Server Remote DNS Cache Poisoning Vulnerability

Take action and discover your vulnerabilities