Bulletin ID
Security update available for RoboHelp | APSB17-25
Bulletin ID |
Date Published |
Priority |
---|---|---|
APSB17-25 |
September 12, 2017 |
3 |
Adobe has released a security update for RoboHelp for Windows. This update resolves an important input validation vulnerability that could be used in a cross-site scripting attack (CVE-2017-3104), as well as an unvalidated URL redirect vulnerability rated moderate that could be used in phishing campaigns (CVE-2017-3105).
Product |
Version |
Platform |
---|---|---|
RoboHelp |
RH2017.0.1 and earlier versions |
Windows |
RoboHelp |
RH12.0.4.460 and earlier versions |
Windows |
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product |
Version |
Platform |
Priority |
Availability |
---|---|---|---|---|
RoboHelp |
RH2017.0.2 |
Windows |
3 |
|
RoboHelp |
RH12.0.4.460 (Hotfix) |
Windows |
3 |
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
---|---|---|---|
Improper Neutralization of Input During Web Page Generation |
DOM-based cross-site scripting attack |
Important |
CVE-2017-3104 |
Improper Neutralization of Input During Web Page Generation |
Open Redirect attack |
Moderate |
CVE-2017-3105 |
Adobe would like to thank Reynold Regan of CNSI - Center for Technology & Innovation, Chennai for reporting both issues and for working with Adobe to help protect our customers.
Sign in to your account