Adobe Patches Security Bugs in Flash Player, ColdFusion, RoboHelp

  • September 12, 2017
  • 11:18 AM
Adobe just released its monthly security updates, and this month the company patched vulnerabilities in three products — Adobe Flash Player, Adobe ColdFusion, and Adobe RoboHelp, the company's lesser-known help authoring tool (HAT), used to create online or offline documentation and help files.

In total, Adobe patched eight security bugs — two in Flash Player, four in ColdFusion, and two in RoboHelp.

The company did not receive reports of public exploits or in-the-wild attacks for any of the patched issues, but that doesn't mean system administrators can skip this month's security updates.

Adobe Security Update Summary:

APSB17-28 Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address two critical memory corruption vulnerabilities that could lead to code execution. The latest Adobe Flash Player version number is now: 27.0.0.130.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11281 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11282 |

APSB17-30 Security updates available for ColdFusion

Adobe has released security updates for ColdFusion version 11 and the 2016 release. These updates address a critical XML parsing vulnerability (CVE-2017-11286), an important cross-site scripting vulnerability (CVE-2017-11285) that could lead to information disclosure, and a mitigation for unsafe Java deserialization that could result in remote code execution (CVE-2017-11283, CVE-2017-11284). The latest Adobe ColdFusion version number is now: 2016 Release Update 5 and v11 Update 13.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Improper Restriction of XML External Entity Reference | Information disclosure | Critical | CVE-2017-11286 |
| Improper Neutralization of Input During Web Page Generation (Cross-site scripting) | Information disclosure | Important | CVE-2017-11285 |
| Deserialization of Untrusted Data | Remote code execution | Critical | CVE-2017-11283, CVE-2017-11284 |

APSB17-25 Security updates available for RoboHelp

Adobe has released a security update for RoboHelp for Windows. This update resolves an important input validation vulnerability that could be used in a cross-site scripting attack (CVE-2017-3104), as well as an unvalidated URL redirect vulnerability rated moderate that could be used in phishing campaigns (CVE-2017-3105). The latest Adobe RoboHelp version number is now: RH2017.0.2 and RH12.0.4.460 (Hotfix).

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Improper Neutralization of Input During Web Page Generation | DOM-based cross-site scripting attack | Important | CVE-2017-3104 |
| Improper Neutralization of Input During Web Page Generation | Open Redirect attack | Moderate | CVE-2017-3105 |

Catalin Cimpanu