Adobe Security Bulletin

Security update available for Adobe Connect

Release date: November 8, 2016

Vulnerability identifier: APSB16-35

Priority: 3

CVE number: CVE-2016-7851

Platform: Windows

Summary

Adobe has released a security update for Adobe Connect for Windows. This update resolves an input validation vulnerability in the events registration module that could be used in cross-site scripting attacks. Adobe recommends users update their product installation using the instructions provided in the “Solution” Section below.

Affected Versions

Product Affected Versions Platform
Adobe Connect 9.5.6 and earlier versions Windows

Solution

Adobe recommends customers update the Connect instance to the newest version by following the instructions below.

Note: This issue will be automatically resolved for Connect customers using Adobe's hosted services once the account is upgraded to Connect 9.5.7.

Product Updated Version Platform Priority rating Availability
Adobe Connect 9.5.7
Windows 3 Release notes

Vulnerability Details

This update resolves an input validation vulnerability in the events registration module that could be used in cross-site scripting attacks (CVE-2016-7851).

Acknowledgments

Adobe would like to thank Benjamin Kunz Mejri of Vulnerability Laboratory [Research Team] for reporting this issue (CVE-2016-7851) and for working with Adobe to help protect our customers.