PatchSiren

CVE-2017-2973 Adobe CVE debrief

CVE-2017-2973 is a critical Adobe Digital Editions vulnerability disclosed on 2017-02-15. Adobe and NVD describe an exploitable heap overflow affecting versions 4.5.3 and earlier, with successful exploitation potentially leading to arbitrary code execution.

Vendor: Adobe
Product: Adobe Digital Editions
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-15
Original CVE updated: 2026-05-13
Advisory published: 2017-02-15
Advisory updated: 2026-05-13

Who should care

Organizations and users running Adobe Digital Editions 4.5.3 or earlier should treat this as high priority, especially teams responsible for desktop software patching, endpoint security, and environments that open untrusted ebook content.

Technical summary

NVD classifies the issue as CWE-119 and assigns a CVSS 3.0 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The vulnerable product range in the NVD CPE criteria is Adobe Digital Editions up to and including version 4.5.3. The core impact described in the source corpus is potential arbitrary code execution.

Defensive priority

Critical. The combination of a 9.8 CVSS score, no privileges required, and potential code execution makes this a top-tier patching and exposure review item for affected Adobe Digital Editions installations.

Recommended defensive actions

  • Identify whether Adobe Digital Editions version 4.5.3 or earlier is installed anywhere in the environment.
  • Apply the vendor-recommended update or remediation guidance from Adobe's security advisory for APSB17-05.
  • Prioritize remediation on systems that open external or untrusted files and on endpoints used by high-risk users.
  • Remove or isolate unsupported or unmaintained installations that cannot be updated promptly.
  • Verify patch status after remediation and continue monitoring for any future Adobe security updates affecting Digital Editions.
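One way to carry out the first and last actions above against a software inventory export, as an added example (not PatchSiren's or Adobe's code). The CSV column names and the sample rows are constructed, and treating a fourth version component as a build number to be ignored is an assumption.

```python
"""Flag Adobe Digital Editions installs in the range the page lists (<= 4.5.3)."""
import csv
import io
import re

PRODUCT = "adobe digital editions"
LAST_VULNERABLE = (4, 5, 3)  # from the page: "versions 4.5.3 and earlier"

# Constructed sample inventory export; column names are assumptions.
SAMPLE_INVENTORY = """host,product,version
ws-001,Adobe Digital Editions,4.5.3
ws-002,Adobe Digital Editions 4.5,4.5.10.0
ws-003,Adobe Digital Editions,4.0.3
ws-004,Adobe Digital Editions,4.5.3.1234
ws-005,Adobe Acrobat Reader DC,15.023.20070
ws-006,Adobe Digital Editions,unknown
"""


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = [int(p) for p in text.split(".")]
    # Pad short versions ("4.5" -> 4.5.0) and drop an assumed build number.
    return tuple((parts + [0, 0])[:3])


def classify(version_text):
    """Compare numerically: a string compare would rank 4.5.10 below 4.5.3."""
    version = parse_version(version_text)
    if version is None:
        return "review"  # unparseable version: check the host by hand
    return "vulnerable" if version <= LAST_VULNERABLE else "not-in-range"


def triage(inventory_csv):
    """Map each host that has the product installed to (version, status)."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower().startswith(PRODUCT):
            findings[row["host"]] = (row["version"], classify(row["version"]))
    return findings


if __name__ == "__main__":
    for host, (version, status) in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{version}\t{status}")
```

Re-running the same triage on a fresh export after remediation gives the patch-status verification; hosts marked "review" need a manual version check.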

Evidence notes

The debrief is based on the official NVD CVE record and the Adobe security advisory referenced there. NVD lists the vulnerable CPE range as Adobe Digital Editions through version 4.5.3 and identifies CWE-119. The source corpus also includes Adobe's vendor advisory reference and third-party bulletin references, but no additional unverified technical details were used.

Official resources

Publicly disclosed in the CVE/NVD record on 2017-02-15; the NVD entry was last modified on 2026-05-13.