CVE-2021-39827

Name of the Vulnerable Software and Affected Versions Adobe Digital Editions versions 4.5.11.187646 and earlier

Description The issue is related to an arbitrary file write vulnerability in the Digital Editions installer, which could allow an authenticated attacker to write an arbitrary file to the system. This requires user interaction before product installation to abuse the vulnerability. The vulnerability is also associated with the creation of temporary files with insecure permissions, potentially allowing a remote attacker to execute arbitrary writes to the file system using a specially crafted file.

Recommendations For Adobe Digital Editions versions 4.5.11.187646 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the installation of Digital Editions to minimize the risk of exploitation. Avoid using the vulnerable Digital Editions installer until the issue is resolved.