Security updates available for Adobe Captivate | APSB17-19
Bulletin ID Date Published Last Updated Priority
APSB17-19 June 13, 2017 June 19, 2017 3

Summary

Adobe has released security updates for Adobe Captivate for Windows and Macintosh. These updates resolve a critical input validation vulnerability (CVE-2017-3098) in the quiz reporting feature that could be abused to read and write arbitrary files to the server, potentially resulting in remote code execution.  These updates also resolve an important information disclosure vulnerability (CVE-2017-3087), also in the quiz reporting feature. 

Affected product versions

Product Version Platform
Adobe Captivate 9 and earlier Windows and Macintosh

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product Version Platform Priority Availability
Adobe Captivate 2017 10.0.0.192 Windows and Macintosh 3 Release note
Adobe Captivate 8 and 9 Hotfix Windows and Macintosh
3 Tech note

Vulnerability details

Vulnerability Category Vulnerability Impact Severity CVE Number
Improper Input Validation Information disclosure Important CVE-2017-3087
Improper Input Validation Remote code execution Critical CVE-2017-3098

Acknowledgments

Adobe would like to thank Tomas Rzepka for reporting this issue and for working with Adobe to help protect our customers.

Revisions

June 19, 2017: Modified the summary section and added reference to CVE-2017-3098, which was inadvertently omitted from the bulletin.