Adobe has released security patches for most of its major products in its November security updates. The updates cover Adobe Flash Player, Adobe Photoshop CC, Adobe InDesign, Adobe Connect, Adobe Acrobat and Reader, Adobe DNG Converter, Adobe Digital Editions, and Adobe Shockwave Player.

A total of 83 vulnerabilities have been patched, including several critical vulnerabilities in Flash Player. Apart from that, 62 vulnerabilities are fixed in the Adobe Acrobat and Reader applications. The remaining products have at least one flaw rated as critical.

Here are the details of the critical security updates and security advisories:


APSB17-33 (Adobe Flash Player):

  • An out-of-bounds read vulnerability which leads to remote code execution. (CVE-2017-3112, CVE-2017-3114, CVE-2017-11213)
  • A use-after-free vulnerability which leads to remote code execution. (CVE-2017-11215, CVE-2017-11225)
  • Affected Applications:
    Adobe Flash Player Desktop Runtime 27.0.0.183 and earlier versions, on Windows, Macintosh, Linux.
    Adobe Flash Player for Google Chrome 27.0.0.183 and earlier versions.
    Adobe Flash Player for Microsoft Edge and Internet Explorer 11 27.0.0.183 and earlier versions.
  • Impact: Remote Code Execution.

APSB17-34 (Adobe Photoshop CC):

  • A memory corruption vulnerability which leads to remote code execution. (CVE-2017-11303)
  • A use-after-free vulnerability which leads to remote code execution. (CVE-2017-11304)
  • Affected Applications:
    Photoshop CC 2017 18.1.1 (2017.1.1) and earlier versions.
  • Impact: Remote Code Execution.

APSB17-35 (Adobe Connect):

  • A Server-Side Request Forgery (SSRF) vulnerability which leads to network access control bypass. (CVE-2017-11291)
  • Multiple reflected cross-site scripting vulnerabilities which lead to information disclosure. (CVE-2017-11287, CVE-2017-11288, CVE-2017-11289)
  • A clickjacking vulnerability which leads to information disclosure. (CVE-2017-11290)
  • Affected Applications:
    Adobe Connect 9.6.2 and earlier
  • Impact: Information Disclosure.

APSB17-36 (Adobe Acrobat and Reader):


APSB17-37 (Adobe DNG Converter):

  • An unspecified memory corruption vulnerability. (CVE-2017-11295)
  • Affected Applications:
    Adobe DNG Converter 9.12.1 and earlier versions on Windows.
  • Impact: Memory Corruption.

APSB17-38 (InDesign):

  • An unspecified memory corruption vulnerability which leads to remote code execution (CVE-2017-11302)
  • Affected Applications:
    InDesign 12.1.0 and earlier versions on Windows and Macintosh.
  • Impact: Remote Code Execution.

APSB17-39 (Adobe Digital Editions):

  • Unsafe parsing of XML external entities which leads to information disclosure. (CVE-2017-11273)
  • Multiple out-of-bounds read vulnerabilities which lead to memory address disclosure. (CVE-2017-11297, CVE-2017-11298, CVE-2017-11299, CVE-2017-11300)
  • A memory corruption vulnerability which leads to memory address disclosure. (CVE-2017-11301)
  • Affected Applications:
    Adobe Digital Editions 4.5.7 on Windows, Linux, and Macintosh.
  • Impact: Information Disclosure.

APSB17-40 (Shockwave Player):

  • An unspecified memory corruption vulnerability which leads to remote code execution (CVE-2017-11294)
  • Affected Applications:
    Adobe Shockwave Player 12.2.9.199 and earlier.
  • Impact: Remote Code Execution.

APSB17-41 (Adobe Experience Manager):

  • Reflected cross-site scripting vulnerability which leads to information disclosure. (CVE-2017-3109)
  • Sensitive token in HTTP GET request which leads to information disclosure. (CVE-2017-3111)
  • Cross-site scripting vulnerability which leads to information disclosure (CVE-2017-11296)
  • Affected Applications:
    Adobe Experience Manager 6.3, 6.2, 6.1, 6.0
  • Impact: Information Disclosure.

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.


Article Name: Adobe Security Updates for November 2017
Publisher Name: SecPod Technologies