Adobe RoboHelp for Word Unspecified XSS (APSB12-04) (credentialed check)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by a
cross-site scripting vulnerability.

Description :

The version of RoboHelp on the remote host contains a cross-site
scripting vulnerability in its WordHelp output. An attacker may be
able to leverage this issue to execute arbitrary script code in the
browser in the context of the affected site and to steal cookie-based
authentication credentials.

Note that this plugin checks for a version of RoboHelp that would
generate WordHelp projects with a cross-site scripting vulnerability
rather than published projects with the vulnerability.

See also :

http://www.adobe.com/support/security/bulletins/apsb12-04.html

Solution :

Apply the patch referenced in the vendor advisory above. Once the
patch is applied, all WordHelp files need to be regenerated.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 58171 ()

Bugtraq ID: 52008

CVE ID: CVE-2012-0765

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now