Adobe Security Bulletin

Security update available for RoboHelp | APSB17-25

Bulletin ID

Date Published

Priority

APSB17-25

September 12, 2017

3

Summary

Adobe has released a security update for RoboHelp for Windows. This update resolves an important input validation vulnerability that could be used in a cross-site scripting attack (CVE-2017-3104), as well as an unvalidated URL redirect vulnerability rated moderate that could be used in phishing campaigns (CVE-2017-3105).

Affected product versions

Product

Version

Platform

RoboHelp

RH2017.0.1 and earlier versions

Windows

RoboHelp

RH12.0.4.460 and earlier versions

Windows

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product

Version

Platform

Priority

Availability

RoboHelp

RH2017.0.2

Windows

3

RoboHelp

RH12.0.4.460 (Hotfix)

Windows 

3

Poznámka:
  • Refer to the Release notes for instructions to download and apply the update.   
  • Refer to the Knowledge Base article for instructions to download and apply the fix on RoboHelp 2015. 

Vulnerability details

Vulnerability Category

Vulnerability Impact

Severity

CVE Numbers

Improper Neutralization of Input During Web Page Generation

DOM-based cross-site scripting attack

Important

CVE-2017-3104

Improper Neutralization of Input During Web Page Generation

Open Redirect attack

Moderate

CVE-2017-3105

Acknowledgments

Adobe would like to thank Reynold Regan of CNSI - Center for Technology & Innovation, Chennai for reporting both issues and for working with Adobe to help protect our customers.

Logo Adobe

Prihláste sa do svojho účtu