Adobe have released updated versions of Adobe Connect. This update resolves an unrestricted SWF file upload vulnerability (CVE-2018-4921), which could be exploited to conduct cross-site scripting attacks. This update also resolves an OS command injection vulnerability in the Adobe Connect URI handler on Windows (CVE-2018-4923) that could result in unintended arbitrary local file removal or forced uninstall of the application.
Affected versions:
- Adobe Connect earlier than 9.7.5
More information can be read from Adobe's security bulletin.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment