Release date: November 8, 2016
Vulnerability identifier: APSB16-35
CVE number: CVE-2016-7851
Adobe has released a security update for Adobe Connect for Windows. This update resolves an input validation vulnerability in the events registration module that could be used in cross-site scripting attacks. Adobe recommends users update their product installation using the instructions provided in the “Solution” Section below.
Adobe recommends customers update the Connect instance to the newest version by following the instructions below.
Note: This issue will be automatically resolved for Connect customers using Adobe's hosted services once the account is upgraded to Connect 9.5.7.
Adobe would like to thank Benjamin Kunz Mejri of Vulnerability Laboratory [Research Team] for reporting this issue (CVE-2016-7851) and for working with Adobe to help protect our customers.