COSIG-2016-12

COSIG-2016-12

#####################################################################################

# Application: Adobe Digital Editions
# Platforms: Windows, Macintosh, iOS and Android
# Versions: 4.5.0 and earlier versions
# Author: Pier-Luc Maltais of COSIG
# Website: https://cosig.gouv.qc.ca/en/advisory/
# Twitter: @COSIG_
# Date: March 8, 2016
# CVE: CVE-2016-0954
# COSIG-2016-12

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

================
1) Introduction
================
Adobe® Digital Editions software offers an engaging way to view and manage eBooks and other digital
publications. Use it to download and purchase digital content, which can be read both online and offline.
Transfer copy-protected eBooks from your personal computer to other computers or devices. Organize your
eBooks into a custom library and annotate pages. Digital Editions also supports industry-standard eBook
formats, including PDF/A and EPUB.

(http://www.adobe.com/ca/products/digital-editions.html)

#####################################################################################

====================
2) Report Timeline
====================
2015-10-24: Pier-Luc Maltais of COSIG found the issue and report it to Adobe PSIRT.
2016-03-08: Vendor fixed the issue (APSB16-06).
2016-03-08: Release of this advisory.

#####################################################################################

=====================
3) Technical details
=====================
A critical memory corruption occurs when Adobe Digital Editions handle a specially crafted ExtGstate
object, which could lead to remote code execution.

#####################################################################################

===========
4) POC
===========

COSIG-2016-12

#####################################################################################