Adobe RoboHelp Cross-Site Scripting Vulnerability

Vulnerability ID: 1208370 Vulnerability type: Cross-site scripting
Published: 2011-08-09 Updated: 2011-08-10
CVE ID: CVE-2011-2133 CNNVD-ID: CNNVD-201108-201
Vulnerable platform: N/A CVSS score: 4.3
|Vulnerability source
https://www.securityfocus.com/bid/49105
https://cxsecurity.com/issue/WLB-2011080227
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201108-201
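|Vulnerability details
Adobe RoboHelp is a professional authoring tool from Adobe (United States). It can be used to develop help systems, e-learning content, knowledge bases, and similar material. A cross-site scripting vulnerability exists in Adobe RoboHelp 8 and 9 versions before 9.0.1.262, and in RoboHelp Server 8 and 9. A remote attacker can inject arbitrary web script or HTML via a URI.
|Vulnerability exploit (EXP)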
Details for the CVE - 2011-2133 - Adobe RoboHelp9 DOM Cross Site
Scripting below have been published at the following URLs:

PDF version:
http://www.security-assessment.com/files/documents/advisory/Adobe_RoboHelp_9_-_DOM_XSS.pdf

HTML version:
http://malerisch.net/docs/advisories/adobe_robohelp_dom_cross_site_scripting_xss.html

For reference, original vendor advisory:
http://www.adobe.com/support/security/bulletins/apsb11-23.html

Mirror: http://www.exploit-db.com/download_pdf/17653
|Affected products
Adobe RoboHelp Server 8 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsof
|References

Source: BID
Name: 49106
Link: http://www.securityfocus.com/bid/49106
Source: www.adobe.com
Link: http://www.adobe.com/support/security/bulletins/apsb11-23.html
Source: SECUNIA
Name: 45586
Link: http://secunia.com/advisories/45586
Source: NSFOCUS
Name: 17496
Link: http://www.nsfocus.net/vulndb/17496