Title

Adobe RoboHelp Cross Site Scripting Vulnerability (Cat II impact)

Discussion

Adobe has released a Security Bulletin addressing a vulnerability in Adobe RoboHelp. Adobe RoboHelp is an authoring tool for developing help systems, eLearning content, knowledge bases, and policies and procedures. To exploit this vulnerability, an attacker would entice a user of an affected system to access a malicious URL hosted on a web page or sent via email. If successfully exploited, this vulnerability would allow an attacker to conduct cross-site scripting attack on the affected system.At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents.

Check Content

See IAVM notice and vendor bulletin for additional information. Vulnerable Applications/Systems: RoboHelp 9 (or 8) for Word on Windows Check the application’s version number by using the Help, About menu. Alternately, check the version through the Support information link for the program in Add or Remove Programs or in Programs and Features (Vista Forward). To expose the version column in Programs and Features right click somewhere in the column headers, select More and select Version.

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-31356

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.