Release date: 2008-07-08
Updated: 2008-07-10
Affected systems:
Adobe RoboHelp Server 7
Adobe RoboHelp Server 6
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30137
CVE(CAN) ID: CVE-2008-2991
Adobe RoboHelp Server is software that extends and supports the functionality of Adobe RoboHelp, providing help systems and knowledge bases for websites and intranets.
RoboHelp Server does not correctly filter certain URL input before returning it to the user. If an attacker can access the RoboHelp help error log, or tricks a user who can access this log into clicking a malicious URL, a cross-site scripting attack may be carried out.
<* Source: Greg Patton
Link: http://secunia.com/advisories/31001/
http://www.adobe.com/support/security/bulletins/apsb08-16.html
http://marc.info/?l=full-disclosure&m=121559737330585&w=2
*>
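The class of flaw described above, modelled as an added example that is not RoboHelp Server code: a log viewer that writes request URLs into its page without output encoding, beside the encoded form. The log entries, function names and page layout are constructed for illustration; the advisory does not give the actual parameter or page involved.

```python
import html
from urllib.parse import unquote

# Constructed sample entries (timestamp, requested URL as received).
SAMPLE_LOG = [
    ("2008-07-08 10:02:11", "/help/topic.htm?id=42"),
    ("2008-07-08 10:05:37", "/help/missing.htm?q=%3Cscript%3Ealert(1)%3C/script%3E"),
    ("2008-07-08 10:06:02", "/help/a.htm?x=%22%20onmouseover=%22alert(1)"),
]


def render_row_unsafe(ts, url):
    """'Before': the decoded URL is concatenated into the page as markup."""
    shown = unquote(url)
    return f'<tr><td>{ts}</td><td title="{shown}">{shown}</td></tr>'


def render_row_safe(ts, url):
    """'After': every logged value is HTML-encoded when it is written out.

    quote=True also encodes quote characters, which matters because the
    value is placed inside an attribute as well as in element text.
    """
    shown = html.escape(unquote(url), quote=True)
    return f'<tr><td>{html.escape(ts)}</td><td title="{shown}">{shown}</td></tr>'


def render_log(rows, renderer):
    """Build the log view with the chosen row renderer."""
    body = "\n".join(renderer(ts, url) for ts, url in rows)
    return f"<table>\n{body}\n</table>"


def contains_active_markup(page):
    """Check whether request-supplied markup survived into the page as markup."""
    return "<script>" in page or '" onmouseover="' in page


if __name__ == "__main__":
    print(render_log(SAMPLE_LOG, render_row_safe))
```

Encoding at output time protects the person viewing the log regardless of what was stored, which is the relevant property when the viewer is an administrator.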
Recommendation:
--------------------------------------------------------------------------------
Workaround:
* Block untrusted traffic to ports 80/TCP and 443/TCP.
Vendor patch:
Adobe
-----
The vendor has released an upgrade patch that fixes this security issue. It can be downloaded from the vendor's site:
http://www.adobe.com/support/security/bulletins/downloads/apsb08-16.zip