Adobe has released four security updates for Adobe Flash Player (APSB17-28), Adobe RoboHelp (APSB17-28), and Adobe ColdFusion (APSB17-30), covering a total of 8 CVEs.
The Adobe Flash Player update addresses two critical memory corruption vulnerabilities that could lead to code execution.
The Adobe ColdFusion update addresses a critical XML parsing vulnerability and an important cross-site scripting vulnerability that could lead to information disclosure, and adds a mitigation for unsafe Java deserialization that could result in remote code execution.
The Adobe RoboHelp update resolves an important input validation vulnerability that could be used in a cross-site scripting attack, as well as an unvalidated URL redirect vulnerability, rated moderate, that could be used in phishing campaigns.
Priority of Patch:
Product: Adobe Flash Player
Severity Rating: Critical
Impact: Remote Code Execution
Product: Adobe ColdFusion
Severity Rating: Critical, Important
Impact: Remote Code Execution
Product: Adobe RoboHelp
Severity Rating: Important
Impact: Cross-site scripting
Here are the details of Critical Security Updates and Security Advisory:
APSB17-28 (Adobe Flash Player):
- A memory corruption vulnerability which will lead to remote code execution. (CVE-2017-11281, CVE-2017-11282)
- Affected Versions:
Adobe Flash Player Desktop Runtime 26.0.0.151 and earlier versions on Windows, Macintosh and Linux.
Adobe Flash Player for Google Chrome 26.0.0.151 and earlier versions on Windows, Macintosh, Linux, and ChromeOS.
Adobe Flash Player for Microsoft Edge and Internet Explorer 26.0.0.151 and earlier versions for Windows 10 and 8.1.
- Impact: Remote Code Execution
APSB17-30 (Adobe ColdFusion):
- An improper restriction of XML External Entity reference which will lead to information disclosure. (CVE-2017-11286)
- An improper neutralization of input during web page generation which will lead to information disclosure. (CVE-2017-11285)
- Deserialization of untrusted data leads to remote code execution. (CVE-2017-11283, CVE-2017-11284)
- Affected Versions:
ColdFusion 11 Update 12 and earlier versions.
ColdFusion (2016 release) Update 4 and earlier versions.
- Impact: Remote Code Execution
Adobe RoboHelp:
- An improper neutralization of input during web page generation which leads to a DOM-based cross-site scripting attack. (CVE-2017-3104)
- An improper neutralization of input during web page generation which leads to an open redirect attack. (CVE-2017-3105)
- Affected Versions:
RH2017.0.1 and earlier versions.
RH12.0.4.460 and earlier versions.
- Impact: Cross-site scripting
SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.