SANS ISC: Adobe Shockwave Player and RoboHelp for Word Patches SANS ISC InfoSec Forums

Adobe Shockwave Player and RoboHelp for Word Patches

Adobe released two security bulletins for today's Patch Tuesday kickoff:

APSB12-02 [1]: Security update for Adobe Shockwave Player

This patch fixes a total of 9 vulnerabilities that affect Shockwave Player 11.6.3.633 and earlier on Windows and OS X. After the update is applied, you should be at version 11.6.4.634. Adobe rates these vulnerabilities critical as some of them allow the execution of arbitrary code. 

APSB12-04 [2]: Security update for RoboHelp for Word

RoboHelp is not as commonly installed as other Adobe products. This patch fixes one vulnerability that is considered important. The vulnerability introduces a cross-site scripting flaw in output generated by RoboHelp. I am not that familiar with the product, but even though Adobe doesn't specify it, it sounds like it may be necessary to re-create RoboHelp output after the update is applied to avoid the XSS issue in content generated with older versions.

 

[1] http://www.adobe.com/support/security/bulletins/apsb12-02.html
[2] http://www.adobe.com/support/security/bulletins/apsb12-04.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute