CVE-2020-3760 – CVE-2020-3760 is a command injection vulnerabil... (How to Fix)

Q: What is the severity of CVE-2020-3760?

CVE-2020-3760 has a CVSS score of 9.8 (CRITICAL). CVE-2020-3760 is a command injection vulnerability in Adobe Digital Editions that allows attackers to execute arbitrary code on affected systems. Users running Adobe Digital Editions versions 4.5.10 and below are vulnerable. Successful exploitation could lead to complete system compromise.

📋 TL;DR

CVE-2020-3760 is a command injection vulnerability in Adobe Digital Editions that allows attackers to execute arbitrary code on affected systems. Users running Adobe Digital Editions versions 4.5.10 and below are vulnerable. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:

Adobe Digital Editions

Versions: 4.5.10 and below

Operating Systems: Windows, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of affected versions are vulnerable regardless of configuration.

📦 What is this software?

Digital Editions by Adobe

View all CVEs affecting Digital Editions →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with administrative privileges, data theft, ransomware deployment, and persistent backdoor installation.

🟠

Likely Case

Local privilege escalation leading to user data theft, malware installation, or system disruption.

🟢

If Mitigated

Limited impact with proper network segmentation and endpoint protection blocking malicious payloads.

🌐 Internet-Facing: LOW with brief explanation

🏢 Internal Only: MEDIUM with brief explanation

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction such as opening a malicious EPUB file. No public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.11 and above

Vendor Advisory: https://helpx.adobe.com/security/products/Digital-Editions/apsb20-07.html

Restart Required: Yes

Instructions:

1. Open Adobe Digital Editions. 2. Go to Help > Check for Updates. 3. Follow prompts to install version 4.5.11 or later. 4. Restart the application.

🔧 Temporary Workarounds

Disable automatic EPUB processing

all

Prevent automatic opening of EPUB files by changing file association settings

Restrict user privileges

all

Run Adobe Digital Editions with limited user privileges to reduce impact

🧯 If You Can't Patch

Uninstall Adobe Digital Editions if not required for business operations
Implement application whitelisting to prevent execution of unauthorized binaries

🔍 How to Verify

Check if Vulnerable:

Check Adobe Digital Editions version in Help > About. If version is 4.5.10 or below, system is vulnerable.

Check Version:

On Windows: Check registry at HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Digital Editions\Version. On macOS: Check /Applications/Adobe Digital Editions.app/Contents/Info.plist

Verify Fix Applied:

Verify version is 4.5.11 or higher in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

Unusual process creation from Adobe Digital Editions
Suspicious command-line arguments in process execution logs

Network Indicators:

Unexpected outbound connections from Adobe Digital Editions process

SIEM Query:

Process creation where parent_process contains 'DigitalEditions' and (command_line contains 'cmd' OR command_line contains 'powershell' OR command_line contains suspicious characters)

📊 Metadata

CVE ID: CVE-2020-3760

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: February 13, 2020

Last Updated: November 21, 2024

🔗 References

https://helpx.adobe.com/security/products/Digital-Editions/apsb20-07.html Patch,Vendor Advisory
https://helpx.adobe.com/security/products/Digital-Editions/apsb20-07.html Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-3760, you might also want to check these: