Bulletin ID
Security updates available for Adobe Connect | APSB17-22
|  | Date Published | Priority | 
|---|---|---|
| APSB17-22 | July 11, 2017 | 3 | 
Summary
Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively. This update also includes a mitigation to protect users from UI redressing (or clickjacking) attacks (CVE-2017-3101).
Affected product versions
| Product | Version | Platform | 
|---|---|---|
| Adobe Connect | 9.6.1 and earlier | Windows | 
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
| Product | Version | Platform | Priority | Availability | 
|---|---|---|---|---|
| Adobe Connect | 9.6.2 | Windows | 3 | 
Vulnerability details
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number | 
|---|---|---|---|
| User Interface (UI) Misrepresentation of Critical Information | Clickjacking attacks | Moderate | CVE-2017-3101 | 
| Improper Neutralization of Input During Web Page Generation | Cross-site scripting attacks | Important | CVE-2017-3102 | 
| Improper Neutralization of Input During Web Page Generation | Cross-site scripting attacks | Important | CVE-2017-3103 | 
Acknowledgments
Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:
- Anas Roubi (CVE-2017-3101)
- Adam Willard of Blue Canopy (CVE-2017-3102)
 
- Alexis Laborier (CVE-2017-3103)
Revisions
20 July, 2017: Updated acknowledgement for CVE-2017-3102 to Blue Canopy.