-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.1041
                Security update for Adobe Digital Editions
                               1 August 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Adobe Digital Editions
Publisher:         Adobe
Operating System:  Windows
                   OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-1377  

Original Bulletin: 
   http://www.adobe.com/support/security/bulletins/apsb13-20.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Security update for Adobe Digital Editions

Release date: July 30, 2013

Vulnerability identifier: APSB13-20

Priority: See table below

CVE number: CVE-2013-1377

Platform: Windows and Macintosh

Summary

Adobe has released a security update for Adobe Digital Editions for Windows and
Macintosh.  This update addresses a vulnerability in the software that could 
cause the application to crash and potentially allow an attacker to take 
control of the affected system.

Adobe recommends users update their product installation using the instructions
provided in the solution section below. 

Affected software versions

Adobe Digital Editions version 2.0.0 for Windows and Macintosh.

Solution

Adobe recommends users update their product by downloading the installer from 
http://www.adobe.com/products/digital-editions/download.html and following the 
instructions provided in the installation dialogue. 

Priority and severity ratings

Adobe categorizes this update with the following priority rating and recommends
users update their installation to the newest version:

Product 		Updated version Platform 	Priority rating
Adobe Digital Editions 	2.0.1 		Windows and 	3
					Macintosh   	  	  	 

This update addresses a critical vulnerability in the software.

Details

Adobe has released a security update for Adobe Digital Editions for Windows 
and Macintosh.  This update addresses a vulnerability in the software that 
could cause the application to crash and potentially allow an attacker to take
control of the affected system. Adobe recommends users update their product 
installation using the instructions provided in the solution section above. 

This update resolves a memory corruption vulnerability that could lead to code 
execution (CVE-2013-1377).

Acknowledgments

Adobe would like to thank Kaveh Ghaemmaghami (coolkaveh) via Secunia SVCRP for 
reporting this issue and for working with Adobe to help protect our customers.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUfnFSBLndAQH1ShLAQI5yxAAicm4A6tbjgQrO/w559ys5jdqm3gFaLie
ghcjNuqTKDc/ti2OBZMORgeZF/lbGDRMQmlw/lWeBO4gEkwGxh6ZnnCrejgAG0Zx
Mje1jFoi7eJa+czDzxm/ImdTvLJ9QO9tyY1WW1RxtTYsQQanfZ4rmResk5PO+INl
RB+3Xz2iWbS47RvJ++EK6J0bAH2SIpdn1JHWqU4vFeF63zrKU0tr+nI22T9Yk4Qa
N9JnYltce0O33RGCBe0WK6Oy9PWDlxk8P5/9qfvv1csE0rsiYYWCK5jGyLpHsZjU
bCEx2KwJVtziQZaTl9EQX1Z/nXY3Tqdyda0RS75/f5z6ggH8ywYZuf5qGiSCr9Tu
D0lNeZX75QY7JL8NKPP9l8vraWeIeeiHDg59hO5yPi/RrgzZeHv1M7b8ymewjV9s
tcy7Qtf1xlm6PcefFkSW6IrKysrM7sxYeTL/gRkGk5LnZhZl5p+E8jScAzr8FULE
z2qeVXPRW6syLDocleMlD0hqdawcfXR0YVDI4Lnu5LYe24foqFuWz1oPXGd9/imv
xvV1RnI5j9pAXtrn/otSYAYQwmVuxWC4zTW1MlssiRk6sFQeLrsfOraAIWEVCz14
FP0FiZIFLNbm39V67V6HFF+42wHFZQ7rejqc45Qaj6Xr0WA4LdSvY9TWk8b2EKSM
y8nQDGTc52M=
=HMwk
-----END PGP SIGNATURE-----