Dangerous file upload in Adobe Connect

#VU11065 Dangerous file upload in Adobe Connect

Published: 2018-03-13 | Updated: 2018-03-13

Vulnerability identifier: #VU11065

Vulnerability risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4921

CWE-ID: CWE-434

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Adobe Connect
Client/Desktop applications / Other client software

Vendor: Adobe

Description
The vulnerability allows a remote attacker to upload .swf files.

The vulnerability exists due to insufficient input validation when processing file uploads. A remote attacker can upload a specially crafted .swf file and gain access to potentially sensitive information.

Mitigation
Update to version 9.7.5.

Vulnerable software versions

Adobe Connect: 9.4.1 - 9.7

External links
http://helpx.adobe.com//security/products/connect/apsb18-06.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Adobe Connect