CVE-2021-39828

Name of the Vulnerable Software and Affected Versions Adobe Digital Editions versions 4.5.11.187646 and earlier

Description The issue is related to a privilege escalation vulnerability in the Digital Editions installer, which can be exploited by an authenticated attacker to escalate privileges. This requires user interaction before product installation. The vulnerability is also associated with the creation of temporary files with insecure permissions, allowing an attacker to potentially elevate their privileges.

Recommendations For Adobe Digital Editions versions 4.5.11.187646 and earlier, consider avoiding the installation of the product until a fixed version is available, as the vulnerability can be exploited during the installation process. As a temporary workaround, restrict user interaction with the installer to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.