Adobe Security Bulletin

Security update available for the Adobe Connect Add-In for Windows

Release date: May 23, 2016

Last updated: June 3, 2016

Vulnerability identifier: APSB16-17

Priority: 3

CVE number: CVE-2016-4118

Platform: Windows

Summary

Adobe has released a security update for the Adobe Connect Add-In for Windows. This update resolves an untrusted search path vulnerability in the Connect Add-In installer, and Adobe recommends users update their product installation using the instructions provided in the “Solution” Section below.

Affected Versions

Product Affected Versions Platform
Adobe Connect Add-In 11.9.975.228 and earlier versions Windows

Solution

Adobe recommends customers update the Connect Add-In to the newest version by following the instructions below.

Note: This issue will be automatically resolved for Hosted Connect customers once the account is upgraded to Connect 9.5.3.

Product Updated Version Platform Priority rating Availability
Adobe Connect Add-In 11.9.976.291
Windows 3 Download

Vulnerability Details

This update resolves an untrusted search path vulnerability in the Connect add-in installer (CVE-2016-4118).

Acknowledgments

Adobe would like to thank Anand Bhat for reporting this issue (CVE-2016-4118) and for working with Adobe to help protect our customers.

Revisions

June 3, 2016: Added clarifying details regarding the specific component impacted by CVE-2016-4118, and modified the Download URL to point to the Connect Add-in download page.