Adobe Security Bulletin

On this page

Summary
Affected product versions
Solution
Vulnerability details
Acknowledgments
Revisions

Applies to: Adobe Connect

某些 Creative Cloud 应用程序、服务和功能在中国不可用。

Security updates available for Adobe Connect | APSB17-22

Bulletin ID	Date Published	Priority
APSB17-22	July 11, 2017	3

Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively. This update also includes a mitigation to protect users from UI redressing (or clickjacking) attacks (CVE-2017-3101).

CVE-2017-3101

Product	Version	Platform
Adobe Connect	9.6.1 and earlier	Windows

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product	Version	Platform	Priority	Availability
Adobe Connect	9.6.2	Windows	3	Release note

Vulnerability Category	Vulnerability Impact	Severity	CVE Number
User Interface (UI) Misrepresentation of Critical Information	Clickjacking attacks	Moderate	CVE-2017-3101
Improper Neutralization of Input During Web Page Generation	Cross-site scripting attacks	Important	CVE-2017-3102
Improper Neutralization of Input During Web Page Generation	Cross-site scripting attacks	Important	CVE-2017-3103

Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:

Anas Roubi (CVE-2017-3101)
Adam Willard of Blue Canopy (CVE-2017-3102)
Alexis Laborier (CVE-2017-3103)

20 July, 2017: Updated acknowledgement for CVE-2017-3102 to Blue Canopy.

Adobe Security Bulletin

Summary

Affected product versions

Solution

Vulnerability details

Acknowledgments

Revisions

Ask the Community

Contact Us