Accessibility

Security bulletin

Update available to address Adobe Connect Enterprise Server security issues

Release date: February 12, 2008

Vulnerability identifier: APSB08-04

CVE number: CVE-2007-6431, CVE-2007-6148, CVE-2007-6149

Platform: All platforms

Affected software versions: Adobe Connect Enterprise Server 6
NOTE: Adobe Connect Enterprise Hosted customers are not affected by this issue.

Summary

Vulnerabilities have been identified in Adobe Connect Enterprise Server 6 that could potentially allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe recommends Adobe Connect Enterprise Server administrators update their product installations. This Security Bulletin is related to the Flash Media Server update described in Security Bulletin APSB08-03.

Solution

Adobe recommends Adobe Connect Enterprise Server administrators install the Adobe Connect 6 Service Pack 3 Update February 12, 2008.

Severity rating

Adobe categorizes this as a critical issue and recommends affected users update their installations using the above instructions.

Details

Critical vulnerabilities have been identified in Adobe Connect Enterprise Server 6 that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. Adobe recommends Adobe Connect Enterprise Server administrators update their product installations. Attackers would need to be able to connect to TCP port 1935 to exploit this issue. This Security Bulletin is related to the Flash Media Server update described in Security Bulletin APSB08-03. This issue is remotely exploitable.
NOTE: Adobe Connect Enterprise Hosted customers are not affected by this issue.

Acknowledgments

Adobe would like to thank Sebastian Apelt and Sean Larsson of iDefense Labs for reporting this vulnerability and for working with us to help protect our customers' security.