Multiple vulnerabilities in Adobe Captivate
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2017-3087 CVE-2017-3098 |
| CWE-ID | CWE-200 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Adobe Captivate Client/Desktop applications / Office applications |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU7024
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3087
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information
The weakness exists due to improper input validation. A remote attacker can abuse the quiz reporting feature in Captivate and read arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Update to version 10.0.0.192.
Vulnerable software versionsAdobe Captivate: 2 - 9
CPE2.3- cpe:2.3:a:adobe:adobe_captivate:2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_captivate:3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_captivate:4:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/captivate/apsb17-19.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU49466
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3098
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in the quiz reporting feature. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsAdobe Captivate: 2 - 9
CPE2.3- cpe:2.3:a:adobe:adobe_captivate:2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_captivate:3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:adobe_captivate:4:*:*:*:*:*:*:*
https://helpx.adobe.com/security/products/captivate/apsb17-19.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
