Bulletin ID
Last updated on
May 16, 2021
|
Also applies to Captivate
Security updates available for Adobe Captivate | APSB17-19
|
|
Date Published |
Last Updated |
Priority |
|---|---|---|---|
|
APSB17-19 |
June 13, 2017 |
June 19, 2017 |
3 |
Summary
Adobe has released security updates for Adobe Captivate for Windows and Macintosh. These updates resolve a critical input validation vulnerability (CVE-2017-3098) in the quiz reporting feature that could be abused to read and write arbitrary files to the server, potentially resulting in remote code execution. These updates also resolve an important information disclosure vulnerability (CVE-2017-3087), also in the quiz reporting feature.
Affected product versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe Captivate |
9 and earlier |
Windows and Macintosh |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
|
Product |
Version |
Platform |
Priority |
Availability |
|---|---|---|---|---|
|
Adobe Captivate 2017 |
10.0.0.192 |
Windows and Macintosh |
3 |
|
|
Adobe Captivate 8 and 9 |
Hotfix |
Windows and Macintosh |
3 |
Vulnerability details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
|---|---|---|---|
|
Improper Input Validation |
Information disclosure |
Important |
CVE-2017-3087 |
|
Improper Input Validation |
Remote code execution |
Critical |
CVE-2017-3098 |
Acknowledgments
Adobe would like to thank Tomas Rzepka for reporting this issue and for working with Adobe to help protect our customers.
Revisions
June 19, 2017: Modified the summary section and added reference to CVE-2017-3098, which was inadvertently omitted from the bulletin.
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online