Improper input validation in Adobe Connect

#VU11066 Improper input validation in Adobe Connect

Published: 2018-03-13 | Updated: 2018-03-13

Vulnerability identifier: #VU11066

Vulnerability risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4923

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Adobe Connect
Client/Desktop applications / Other client software

Vendor: Adobe

Description
The vulnerability allows a remote attacker to delete arbitrary files on the system.

The vulnerability exists due to input validation error when processing URI. A remote attacker can remove arbitrary files on the system or force uninstall of the application.

Mitigation
Update to version 9.7.5.

Vulnerable software versions

Adobe Connect: 9.4.1 - 9.7

External links
http://helpx.adobe.com//security/products/connect/apsb18-06.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Adobe Connect