Adobe Security Updates for November 2017

Adobe has released security patches for most of its major products in its November security updates. The updates cover Adobe Flash Player, Adobe Photoshop CC, Adobe InDesign, Adobe Connect, Adobe Acrobat and Reader, Adobe DNG Converter, Adobe Digital Editions, and Adobe Shockwave Player.

Patches have been issued for a total of 83 vulnerabilities, including several critical vulnerabilities in Flash Player. Apart from that, 62 vulnerabilities are fixed in the Adobe Acrobat and Reader applications. The remaining products have at least one flaw rated as critical.

Here are the details of Critical Security Updates and Security Advisory:


APSB17-33 (Adobe Flash Player):

  • Out-of-bounds read vulnerabilities which lead to remote code execution. (CVE-2017-3112, CVE-2017-3114, CVE-2017-11213)
  • Use-after-free vulnerabilities which lead to remote code execution. (CVE-2017-11215, CVE-2017-11225)
  • Affected Applications:
    Adobe Flash Player Desktop Runtime 27.0.0.183 and earlier versions, on Windows, Macintosh, Linux.
    Adobe Flash Player for Google Chrome 27.0.0.183 and earlier versions.
    Adobe Flash Player for Microsoft Edge and Internet Explorer 11 27.0.0.183 and earlier versions.
  • Impact: Remote Code Execution.

APSB17-34 (Adobe Photoshop CC):

  • A memory corruption vulnerability which leads to remote code execution. (CVE-2017-11303)
  • A use-after-free vulnerability which leads to remote code execution. (CVE-2017-11304)
  • Affected Applications:
    Photoshop CC 2017 18.1.1 (2017.1.1) and earlier versions.
  • Impact: Remote Code Execution.

APSB17-35 (Adobe Connect):

  • A Server-Side Request Forgery (SSRF) vulnerability, which leads to network access control bypass. (CVE-2017-11291)
  • Multiple reflected cross-site scripting vulnerabilities, which lead to information disclosure. (CVE-2017-11287, CVE-2017-11288, CVE-2017-11289)
  • A clickjacking vulnerability, which leads to information disclosure. (CVE-2017-11290)
  • Affected Applications:
    Adobe Connect 9.6.2 and earlier
  • Impact: Information Disclosure.

APSB17-36 (Adobe Acrobat and Reader):


APSB17-37 (Adobe DNG Converter):

  • An Unspecified Memory Corruption Vulnerability (CVE-2017-11295)
  • Affected Applications:
    Adobe DNG Converter 9.12.1 and earlier versions on Windows.
  • Impact: Memory Corruption.

APSB17-38 (InDesign):

  • An unspecified memory corruption vulnerability which leads to remote code execution (CVE-2017-11302)
  • Affected Applications:
    InDesign 12.1.0 and earlier versions on Windows and Macintosh.
  • Impact: Remote Code Execution.

APSB17-39 (Adobe Digital Editions):

  • Unsafe parsing of XML external entities, which leads to information disclosure. (CVE-2017-11273)
  • Multiple out-of-bounds read vulnerabilities, which lead to memory address disclosure. (CVE-2017-11297, CVE-2017-11298, CVE-2017-11299, CVE-2017-11300)
  • A memory corruption vulnerability, which leads to memory address disclosure. (CVE-2017-11301)
  • Affected Applications:
    Adobe Digital Editions 4.5.7 on Windows, Linux, and Macintosh.
  • Impact: Information Disclosure.

APSB17-40 (Shockwave Player):

  • An unspecified memory corruption vulnerability which leads to remote code execution (CVE-2017-11294)
  • Affected Applications:
    Adobe Shockwave Player 12.2.9.199 and earlier.
  • Impact: Remote Code Execution.

APSB17-41 (Adobe Experience Manager):

  • Reflected cross-site scripting vulnerability which leads to information disclosure. (CVE-2017-3109)
  • Sensitive token in HTTP GET request which leads to information disclosure. (CVE-2017-3111)
  • Cross-site scripting vulnerability which leads to information disclosure (CVE-2017-11296)
  • Affected Applications:
    Adobe Experience Manager 6.3, 6.2, 6.1, 6.0
  • Impact: Information Disclosure.

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.

