Security update available for RoboHelp | APSB17-25

Bulletin ID | Date Published | Priority |
---|---|---|
APSB17-25 | September 12, 2017 | 3 |
Summary
Adobe has released a security update for RoboHelp for Windows. This update resolves an important input validation vulnerability that could be used in a cross-site scripting attack (CVE-2017-3104), as well as an unvalidated URL redirect vulnerability rated moderate that could be used in phishing campaigns (CVE-2017-3105).
Affected product versions
Product | Version | Platform |
---|---|---|
RoboHelp | RH2017.0.1 and earlier versions | Windows |
RoboHelp | RH12.0.4.460 and earlier versions | Windows |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product | Version | Platform | Priority | Availability |
---|---|---|---|---|
RoboHelp | RH2017.0.2 | Windows | 3 | |
RoboHelp | RH12.0.4.460 (Hotfix) | Windows | 3 | |
- Refer to the Release notes for instructions to download and apply the update.
- Refer to the Knowledge Base article for instructions to download and apply the fix on RoboHelp 2015.
Vulnerability details
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
---|---|---|---|
Improper Neutralization of Input During Web Page Generation | DOM-based cross-site scripting attack | Important | CVE-2017-3104 |
Improper Neutralization of Input During Web Page Generation | Open Redirect attack | Moderate | CVE-2017-3105 |
Acknowledgments
Adobe would like to thank Reynold Regan of CNSI - Center for Technology & Innovation, Chennai for reporting both issues and for working with Adobe to help protect our customers.