Security updates available for Adobe Connect

Security updates available for Adobe Connect | APSB17-22

Bulletin ID	Date Published	Priority
APSB17-22	July 11, 2017	3

Summary

Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively.  This update also includes a mitigation to protect users from UI redressing (or clickjacking) attacks (CVE-2017-3101). 

CVE-2017-3101

Affected product versions

Product	Version	Platform
Adobe Connect	9.6.1 and earlier	Windows

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product	Version	Platform	Priority	Availability
Adobe Connect	9.6.2	Windows	3	Release note

Vulnerability details

Vulnerability Category	Vulnerability Impact	Severity	CVE Number
User Interface (UI) Misrepresentation of Critical Information	Clickjacking attacks	Moderate	CVE-2017-3101
Improper Neutralization of Input During Web Page Generation	Cross-site scripting attacks	Important	CVE-2017-3102
Improper Neutralization of Input During Web Page Generation	Cross-site scripting attacks	Important	CVE-2017-3103

Acknowledgments

Adobe would like to thank the following individuals for reporting these issues and for working with Adobe to help protect our customers:

• Anas Roubi (CVE-2017-3101)
• Adam Willard of Raytheon Foreground Security (CVE-2017-3102)
  
• Alexis Laborier (CVE-2017-3103)