===================================================================== CERT-Renater Note d'Information No. 2013/VULN443 _____________________________________________________________________ DATE : 09/10/2013 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Windows running RoboHelp version 10. ====================================================================== https://www.adobe.com/support/security/bulletins/apsb13-24.html ______________________________________________________________________ Security update available for RoboHelp Release date: October 8, 2013 Vulnerability identifier: APSB13-24 Priority: See table below CVE number: CVE-2013-5327 Platform: Windows SUMMARY Adobe has released a security update for RoboHelp 10 on the Windows operating system. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of RoboHelp 10 apply the solution using the instructions provided in the "Solution" section below. AFFECTED SOFTWARE VERSIONS RoboHelp 10 for Windows SOLUTION Adobe recommends users of RoboHelp 10 apply the fix using the instructions below: Backup the MDBMS.dll file: 1. Browse to the RoboHTML folder - the default location is %ProgramFiles%\Adobe\RoboHelp 10\RoboHTML\ 2. Rename MDBMS.dll to MDBMS.old Install the update: 1. Download the APSB13-24.zip file 2. Move MDBMS.dll from the extracted location to %ProgramFiles%\Adobe\RoboHelp 10\RoboHTML\ PRIORITY AND SEVERITY RATINGS Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version: Product Platform Priority rating RoboHelp 10 Windows 3 This update addresses a critical vulnerability in the software. DETAILS Adobe has released a security update for Adobe RoboHelp 10 on the Windows operating system. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of Adobe RoboHelp 10 apply the solution using the instructions provided in the "Solution" section above. This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-5327). ACKNOWLEDGMENTS Adobe would like to thank Jeremy Brown at Microsoft and Microsoft Vulnerability Research (CVE-2013-5327) for reporting this issue and for working with Adobe to help protect our customers. ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================