Bulletin ID
Last updated on
17 May 2021
|
Also applies to RoboHelp
Security update available for RoboHelp | APSB17-25
|
|
Date Published |
Priority |
|---|---|---|
|
APSB17-25 |
September 12, 2017 |
3 |
Summary
Adobe has released a security update for RoboHelp for Windows. This update resolves an important input validation vulnerability that could be used in a cross-site scripting attack (CVE-2017-3104), as well as an unvalidated URL redirect vulnerability rated moderate that could be used in phishing campaigns (CVE-2017-3105).
Affected product versions
|
Product |
Version |
Platform |
|---|---|---|
|
RoboHelp |
RH2017.0.1 and earlier versions |
Windows |
|
RoboHelp |
RH12.0.4.460 and earlier versions |
Windows |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
|
Product |
Version |
Platform |
Priority |
Availability |
|---|---|---|---|---|
|
RoboHelp |
RH2017.0.2 |
Windows |
3 |
|
|
RoboHelp |
RH12.0.4.460 (Hotfix) |
Windows |
3 |
Note:
- Refer to the Release notes for instructions to download and apply the update.
- Refer to the Knowledge Base article for instructions to download and apply the fix on RoboHelp 2015.
Vulnerability details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
|---|---|---|---|
|
Improper Neutralization of Input During Web Page Generation |
DOM-based cross-site scripting attack |
Important |
CVE-2017-3104 |
|
Improper Neutralization of Input During Web Page Generation |
Open Redirect attack |
Moderate |
CVE-2017-3105 |
Acknowledgments
Adobe would like to thank Reynold Regan of CNSI - Center for Technology & Innovation, Chennai for reporting both issues and for working with Adobe to help protect our customers.
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online
Adobe MAX
The Creativity Conference
Oct 14–16 Miami Beach and online