Adobe Digital Editions April 2023 Security Update Probelms

Question

For starters the main download page at https://www.adobe.com/solutions/ebook/digital-editions/download.html still points to an older build that has vulnerability CVE-2023-21582.

Secondly, once you find the updated application, the installer for the patched version does not set the correct version number in the registry which has been a problem for every 4.5.x version of ADE.

The installer sets the version number to 4.5.11.0 in the registry which means all security scanning applications see the application as an older version what has security vulnerabilities. The ADE application version needs to be updated to 4.5.12 as build numbers should be used for internal development and not customer facing applications. A security patch should increment the minor version number. See: https://semver.org/

Please repackage the application so that the internal version number reflects a minor build update and fix the installer to set the correct application version number in the registry.

At the very least if you are not going to follow standard versioning practices as least fix the installer to set the build number in the registry so that users and other applications can tell which version is installed.

AN-ADOBE-USER · Accepted Answer

In case you want to fix this yourself post install, or whomever configures the installer sees this thread, below are the two registry keys that are in error.

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Adobe\Adobe Digital Editions 4.5]

"ProductVersion"="4.5.11.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Digital Editions 4.5]

"DisplayVersion"="4.5.11.0"

This is what the keys should be after installing the 4.5.11.187658 build that is current as of April 2023.

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Adobe\Adobe Digital Editions 4.5]

"ProductVersion"="4.5.11.187658"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Digital Editions 4.5]

"DisplayVersion"="4.5.11.187658"

*** Insert standard backup your registry warning here. 🙂 ***

Attached to this post is a registry import file. Remove the ".txt" from the end of the file and import it to correct the errors in the two keys found in the installer.

AN-ADOBE-USER · Answer

Adobe just released a new version of ADE (4.5.12) and this time it is a minor version upgrade instead of a build version upgrade. They did this specifically to address the issue that asset management and vulnerability management tools were not able to correctly detect the installed version because in the past the installer was not correctly setting the required registry keys. The download page with the new build is at ADOBE DIGITAL EDITIONS Download - https://www.adobe.com/

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded