Adobe Security Updates for September 2017

Adobe has released four security updates for Adobe Flash Player (APSB17-28), Adobe RoboHelp(APSB17-28), and Adobe Cold Fusion (APSB17-30) which covers a total of 8 CVE’s.

Adobe Flash Player address two critical memory corruption vulnerabilities that could lead to code execution.

Adobe Cold Fusion address a critical XML parsing vulnerability, an important cross-site scripting vulnerability that could lead to information disclosure and a mitigation for unsafe Java deserialization that could result in remote code execution.

Adobe RoboHelp update resolves an important input validation vulnerability that could be used in a cross-site scripting attack, as well as an unvalidated URL redirect vulnerability rated moderate that could be used in phishing campaigns.

Priority of Patch :

Product: Adobe Flash Player
Severity Rating: Critical
Impact: Remote Code Execution

Product: Adobe ColdFusion
Severity Rating: Critical, Important
Impact: Remote Code Execution

Product: Adobe RoboHelp
Severity Rating: Important
Impact: Cross-site scripting

Here are the details of Critical Security Updates and Security Advisory:

APSB17-28 (Adobe Flash Player):

  • A memory corruption vulnerability which will lead to remote code execution. (CVE-2017-11281, CVE-2017-11282)
  • Affected Versions:
    Adobe Flash Player Desktop Runtime26.0.0.151 and earlier versions on Windows and Macintosh and Linux.Adobe Flash Player for Google Chrome and earlier versions on Windows, Macintosh, Linux, and ChromeOS.
    Adobe Flash Player for Microsoft Edge and Internet Explorer and earlier versions for Windows 10 and 8.1
  • Impact: Remote Code Execution

APSB17-30 (Adobe Cold Fusion):

  • An improper restriction of XML External Entity reference which will lead to information disclosure. (CVE-2017-11286)
  • An improper neutralization of input during web page generation which will lead to information disclosure. (CVE-2017-11285)
  • Deserialization of untrusted data leads to remote code execution. (CVE-2017-11283, CVE-2017-11284)
  • Affected Versions:
    ColdFusion 11 Update 12 and earlier versions.
    ColdFusion (2016 release) Update 4 and earlier versions.
  • Impact: Remote Code Execution

APSB17-25 (Adobe RoboHelp):

  • An improper neutralization of input during web page generation DOM-based cross-site scripting attack.(CVE-2017-3104)
  • An improper neutralization of input during web page generation which leads to open redirect attack.(CVE-2017-3105)
  • Affected Versions:
    RH2017.0.1 and earlier versions
    RH12.0.4.460 and earlier versions
  • Impact: Cross-site scripting

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.

Subscribe For More Posts Like This

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments