Adobe Security Updates for November 2017

  • Post author:
  • Reading time:14 mins read

adobe security updates november

Adobe Security Updates November 2017 has unleashed security patches for most of its major products in its November security updates. Security updates include products, Adobe Flash Player, Adobe Photoshop CC, Adobe InDesign, Adobe Connect, Adobe Acrobat and Reader, Adobe DNG Converter, Adobe Digital Editions, and Adobe shock player. Also, a vulnerability management tool is essential here.

Total of 83 vulnerabilities have been issued with patch, which includes several critical vulnerabilities in Flash Player. Apart from that, 62 vulnerabilities are fixed in Adobe Acrobat and Reader applications. Remaining products have at least one flaw rated as critical. A patch management solution can fix these critical vulnerabilites.

Adobe Security Updates November 2017 details:


APSB17-33 (Adobe Flash Player):

  • An Out-of-bounds read vulnerability which leads to remote code execution. (CVE-2017-3112, CVE-2017-3114, CVE-2017-11213)
  • An Use after free vulnerability which leads to remote code execution. (CVE-2017-11215, CVE-2017-11225)
  • Affected Applications:
    Adobe Flash Player Desktop Run time 27.0.0.183 and earlier versions, on Windows, Macintosh, Linux.
    Adobe Flash Player for Google Chrome 27.0.0.183 and earlier versions.
    Adobe Flash Player for Microsoft Edge and Internet Explorer 11 27.0.0.183 and earlier versions.
  • Impact: Remote Code Execution.

APSB17-34 (Adobe Photoshop CC):

  • Memory corruption vulnerability which leads to remote code execution. (CVE-2017-11303)
  • An Use after free vulnerability which leads to remote code execution. (CVE-2017-11304)
  • Affected Applications:
    Photoshop CC 2017 18.1.1 (2017.1.1) and earlier versions.
  • Impact: Remote Code Execution.

APSB17-35 (Adobe Connect):

  • A Server-Side Request Forgery (SSRF) vulnerability, which leads to network access control bypass. (CVE-2017-11291)
  • Multiple Reflected Cross-site Scripting which leads to information disclosure vulnerability. (CVE-2017-11287, CVE-2017-11288, CVE-2017-11289)
  • A Clickjacking vulnerability which leads to information disclosure vulnerability. (CVE-2017-11290)
  • Affected Applications:
    Adobe Connect 9.6.2 and earlier
  • Impact: Information Disclosure.

APSB17-36 (Adobe Acrobat and Reader):


APSB17-37(Adobe DNG Converter):

  • An Unspecified Memory Corruption Vulnerability (CVE-2017-11295)
  • Affected Applications:
    Adobe DNG Converter 9.12.1 and earlier versions on Windows.
  • Impact: Memory Corruption.

APSB17-38(InDesign):

  • An unspecified memory corruption vulnerability which leads to remote code execution (CVE-2017-11302)
  • Affected Applications:
    InDesign 12.1.0 and earlier versions on Windows and Macintosh.
  • Impact: Remote Code Execution.

APSB17-39(Adobe Digital Editions):

  • An Unsafe parsing of XML External Entities leads to information disclosure. (CVE-2017-11273)
  • Multiple Out-of-bounds read vulnerability leads to memory address disclosure. (CVE-2017-11297, CVE-2017-11298, CVE-2017-11299 and then CVE-2017-11300)
  • Memory Corruption vulnerability leads to memory address disclosure. (CVE-2017-11301)
  • Affected Applications:
    Adobe Digital Editions 4.5.7 on Windows, Linux, and Macintosh.
  • Impact: Information Disclosure.

APSB17-40(Shockwave Player):

  • An unspecified memory corruption vulnerability which leads to remote code execution (CVE-2017-11294)
  • Affected Applications:
    Adobe Shockwave Player 12.2.9.199 and earlier.
  • Impact: Remote Code Execution.

APSB17-41(Adobe Experience Manager):

  • Reflected cross-site scripting vulnerability which leads to information disclosure. (CVE-2017-3109)
  • Sensitive token in HTTP GET request which leads to information disclosure. (CVE-2017-3111)
  • Cross-site scripting vulnerability which leads to information disclosure (CVE-2017-11296)
  • Affected Applications:
    Adobe Experience Manager 6.3, 6.2, 6.1, 6.0
  • Impact: Information Disclosue

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.