Adobe Security Bulletin

Security update available for RoboHelp | APSB17-25

Bulletin ID	Date Published	Priority
APSB17-25	September 12, 2017	3

Adobe has released a security update for RoboHelp for Windows. This update resolves an important input validation vulnerability that could be used in a cross-site scripting attack (CVE-2017-3104), as well as an unvalidated URL redirect vulnerability rated moderate that could be used in phishing campaigns (CVE-2017-3105).

Product	Version	Platform
RoboHelp	RH2017.0.1 and earlier versions	Windows
RoboHelp	RH12.0.4.460 and earlier versions	Windows

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product	Version	Platform	Priority	Availability
RoboHelp	RH2017.0.2	Windows	3	Download
RoboHelp	RH12.0.4.460 (Hotfix)	Windows	3	Technical Note

Note:

Refer to the Release notes for instructions to download and apply the update.
Refer to the Knowledge Base article for instructions to download and apply the fix on RoboHelp 2015.

Vulnerability Category	Vulnerability Impact	Severity	CVE Numbers
Improper Neutralization of Input During Web Page Generation	DOM-based cross-site scripting attack	Important	CVE-2017-3104
Improper Neutralization of Input During Web Page Generation	Open Redirect attack	Moderate	CVE-2017-3105

Adobe would like to thank Reynold Regan of CNSI - Center for Technology & Innovation, Chennai for reporting both issues and for working with Adobe to help protect our customers.

Adobe Security Bulletin

Summary

Affected product versions

Solution

Vulnerability details

Acknowledgments

Ask the Community

Contact Us