
[Download] Adobe Flash Player, RoboHelp & ColdFusion Updates for Fixing Vulnerabilities


Adobe has released updates that fix eight vulnerabilities in its products. Flash Player, RoboHelp and ColdFusion have been updated and no longer face the critical memory corruption bugs or the critical XML parsing flaw.

Adobe released the updates for the three products on 12 September, along with security bulletins that describe the fixes and the vulnerabilities that were resolved, and that end with acknowledgments to those who helped resolve the issues.

Adobe Flash Player Vulnerability Led to Code Execution

Adobe Flash Player had a vulnerability that could have led to code execution if it was exploited. Luckily, the memory corruption issue was reported in time by Mateusz Jurczyk and Natalie Silvanovich from Google Project Zero, and the two vulnerabilities, CVE-2017-11281 and CVE-2017-11282, are no longer a threat to Adobe Flash Player.

ColdFusion Had 4 Bugs

ColdFusion encountered four bugs: an XML parsing vulnerability, a cross-site scripting vulnerability and a mitigation for an unsafe Java deserialization. The vulnerabilities were considered important; the last one, for example, would result in code execution, similar to the Adobe Flash Player issue. The XML and XSS bugs were discovered by Depth Security's Daniel Lawson and were soon resolved in an update for ColdFusion 2016, reaching number 5 in the update list and ColdFusion going from version 11 to 13.

RoboHelp for Windows Has Both Versions Affected

RoboHelp for Windows has started in 2017 and it has an input validation vulnerability that could lead to cross-site scripting attacks and a vulnerability that could redirect users to phishing campaigns. The RoboHelp versions RH2017.0.1 and RH12.0.4.460 have been affected by these vulnerabilities and will be updated.

These three updates come after Adobe fixed 78 other vulnerabilities in August in more programs: Acrobat, Digital Editions, Experience Manager and Flash Player. Before that, in July and May, Adobe fixed a small number of vulnerabilities, similar in weight to these new ones.