Adobe Security Bulletin

Security updates available for Adobe Captivate | APSB17-19

Bulletin ID

Date Published

Last Updated

Priority

APSB17-19

June 13, 2017

June 19, 2017

3

Summary

Adobe has released security updates for Adobe Captivate for Windows and Macintosh. These updates resolve a critical input validation vulnerability (CVE-2017-3098) in the quiz reporting feature that could be abused to read and write arbitrary files to the server, potentially resulting in remote code execution.  These updates also resolve an important information disclosure vulnerability (CVE-2017-3087), also in the quiz reporting feature. 

Affected product versions

Product

Version

Platform

Adobe Captivate

9 and earlier

Windows and Macintosh

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product

Version

Platform

Priority

Availability

Adobe Captivate 2017

10.0.0.192

Windows and Macintosh

3

Adobe Captivate 8 and 9

Hotfix

Windows and Macintosh

3

Vulnerability details

Vulnerability Category

Vulnerability Impact

Severity

CVE Number

Improper Input Validation

Information disclosure

Important

CVE-2017-3087

Improper Input Validation

Remote code execution

Critical

CVE-2017-3098

Acknowledgments

Adobe would like to thank Tomas Rzepka for reporting this issue and for working with Adobe to help protect our customers.

Revisions

June 19, 2017: Modified the summary section and added reference to CVE-2017-3098, which was inadvertently omitted from the bulletin.

Логотип Adobe

Увійдіть до облікового запису