Adobe has released security updates for Adobe Captivate for Windows and Macintosh. These updates resolve a critical input validation vulnerability (CVE-2017-3098) in the quiz reporting feature that could be abused to read and write arbitrary files to the server, potentially resulting in remote code execution. These updates also resolve an important information disclosure vulnerability (CVE-2017-3087), also in the quiz reporting feature.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
|Adobe Captivate 2017||10.0.0.192||Windows and Macintosh||3||Release note|
|Adobe Captivate 8 and 9||Hotfix||Windows and Macintosh
|Vulnerability Category||Vulnerability Impact||Severity||CVE Number|
|Improper Input Validation||Information disclosure||Important||CVE-2017-3087
|Improper Input Validation||Remote code execution||Critical||CVE-2017-3098|
Adobe would like to thank Tomas Rzepka for reporting this issue and for working with Adobe to help protect our customers.