=====================================================================

                           CERT-Renater

               Note d'Information No. 2014/VULN023
_____________________________________________________________________

DATE                : 23/01/2014

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows, Mac OS X running Adobe Digital Editions
                          version 2.0.1.

======================================================================
http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html
______________________________________________________________________

Security update available for Adobe Digital Editions

Release date: January 22, 2014

Vulnerability identifier: APSB14-03

Priority: See table below

CVE number: CVE-2014-0494

Platform: Windows and Macintosh


Summary

Adobe has released a security update for Adobe Digital Editions for
Windows and Macintosh. This update addresses a vulnerability in the
software that could cause the application to crash and potentially
allow an attacker to take control of the affected system.

Adobe recommends users update their product installation using the
instructions provided in the solution section below.


Affected software versions

Adobe Digital Editions version 2.0.1 for Windows and Macintosh.


Solution

Adobe recommends users update their product by downloading the
installer from
http://www.adobe.com/products/digital-editions/download.html and
following the instructions provided in the installation dialogue.


Priority and severity ratings

Adobe categorizes this update with the following priority rating and
recommends users update their installation to the newest version:


Product 	Updated version 	Platform 	Priority rating
Adobe Digital Editions 	3.0 	Windows & Macintosh	3


These updates address critical vulnerabilities in the software.


Details

Adobe has released a security update for Adobe Digital Editions for
Windows and Macintosh. This update addresses a vulnerability in the
software that could cause the application to crash and potentially
allow an attacker to take control of the affected system.

Adobe recommends users update their product installation using the
instructions provided in the solution section above.

This update resolves a memory corruption vulnerability that could lead
to code execution (CVE-2014-0494).


Acknowledgments

Adobe would like to thank Mario Gomes working with Beyond Security's
SecuriTeam Secure Disclosure Project for reporting this issue and for
working with Adobe to help protect our customers.

=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================