Security update available for RoboHelp | APSB17-25
| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB17-25 | September 12, 2017 | 3 |

Summary

Adobe has released a security update for RoboHelp for Windows. This update resolves an important input validation vulnerability that could be used in a cross-site scripting attack (CVE-2017-3104), as well as an unvalidated URL redirect vulnerability rated moderate that could be used in phishing campaigns (CVE-2017-3105).

Affected product versions

| Product | Version | Platform |
|---|---|---|
| RoboHelp | RH2017.0.1 and earlier versions | Windows |
| RoboHelp | RH12.0.4.460 and earlier versions | Windows |

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

| Product | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| RoboHelp | RH2017.0.2 | Windows | 3 | Download |
| RoboHelp | RH12.0.4.460 (Hotfix) | Windows | 3 | Technical Note |

Note:

  • Refer to the Release notes for instructions to download and apply the update.   
  • Refer to the Knowledge Base article for instructions to download and apply the fix on RoboHelp 2015. 

Vulnerability details

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Improper Neutralization of Input During Web Page Generation | DOM-based cross-site scripting attack | Important | CVE-2017-3104 |
| Improper Neutralization of Input During Web Page Generation | Open Redirect attack | Moderate | CVE-2017-3105 |

Acknowledgments

Adobe would like to thank Reynold Regan of CNSI - Center for Technology & Innovation, Chennai for reporting both issues and for working with Adobe to help protect our customers.