Adobe Security Bulletin

Security updates available for Adobe Connect | APSB17-22

Bulletin ID

Date Published

Priority

APSB17-22

July 11, 2017

3

Summary

Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively.  This update also includes a mitigation to protect users from UI redressing (or clickjacking) attacks (CVE-2017-3101). 

Affected product versions

Product

Version

Platform

Adobe Connect

9.6.1 and earlier

Windows

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product

Version

Platform

Priority

Availability

Adobe Connect

9.6.2

Windows

3

Vulnerability details

Vulnerability Category

Vulnerability Impact

Severity

CVE Number

User Interface (UI) Misrepresentation of Critical Information

Clickjacking attacks

Moderate

CVE-2017-3101

Improper Neutralization of Input During Web Page Generation

Cross-site scripting attacks

Important

CVE-2017-3102

Improper Neutralization of Input During Web Page Generation

Cross-site scripting attacks

Important

CVE-2017-3103

Acknowledgments

Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:

  • Anas Roubi (CVE-2017-3101)
  • Adam Willard of Blue Canopy (CVE-2017-3102)
  • Alexis Laborier (CVE-2017-3103)

Revisions

20 July, 2017: Updated acknowledgement for CVE-2017-3102 to Blue Canopy.

Logo Adobe

Prihláste sa do svojho účtu