14 DAY TRIAL // Adobe has patched a security hole in the Windows versions of RoboHelp 10, Adobe Reader and Adobe Acrobat XI (11.0.04).
The Acrobat and Reader vulnerability, CVE-2013-5325, is a regression that affects the JavaScript security controls. The flaw can be leveraged to launch JavaScript scheme URIs when viewing a PDF document in the browser.
The RoboHelp security hole, CVE-2013-5327, could have been exploited to run malicious code on vulnerable systems.
The Reader and Acrobat issue was reported by Mario Heiderich. The RoboHelp vulnerability report was submitted by Jeremy Brown at Microsoft and Microsoft Vulnerability Research.
Users of Adobe Reader and Acrobat 11.0.04 are advised to update their installations to the 11.0.05 variant. Reader and Acrobat 10.1.8 and earlier versions for Windows are not impacted. The vulnerability also doesn’t affect Mac versions.
RoboHelp 10 users are advised to download the patch and move the MDBMS.dll file from the extracted location to %ProgramFiles%\Adobe\RoboHelp 10\RoboHTML\. Make sure you do a backup of the original MDBMS.dll file before applying the patch.
Download Adobe Reader Download Adobe Acrobat Download Adobe RoboHelp