Security updates available for Adobe Connect | APSB17-22
Bulletin ID Date Published Priority
APSB17-22 July 11, 2017 3

Summary

Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively.  This update also includes a mitigation to protect users from UI redressing (or clickjacking) attacks (CVE-2017-3101). 

Affected product versions

Product Version Platform
Adobe Connect 9.6.1 and earlier Windows

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product Version Platform Priority Availability
Adobe Connect 9.6.2 Windows 3 Release note

Vulnerability details

Vulnerability Category Vulnerability Impact Severity CVE Number
User Interface (UI) Misrepresentation of Critical Information Clickjacking attacks Moderate CVE-2017-3101
Improper Neutralization of Input During Web Page Generation
Cross-site scripting attacks Important CVE-2017-3102
Improper Neutralization of Input During Web Page Generation
Cross-site scripting attacks Important
CVE-2017-3103

Acknowledgments

Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:

  • Anas Roubi (CVE-2017-3101)
  • Adam Willard of Blue Canopy (CVE-2017-3102)
  • Alexis Laborier (CVE-2017-3103)

Revisions

20 July, 2017: Updated acknowledgement for CVE-2017-3102 to Blue Canopy.