Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Other Patch Tuesday Updates (Adobe, Apple) - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Other Patch Tuesday Updates (Adobe, Apple)

Adobe released two bulletins today:

APSB13-24: Security update for RoboHelp

I don't remember seeing a pre-anouncement for this one. The update fixes an arbitrary code execution vulnerability (CVE-2013-5327) . Robohelp is only available for Window.

APSB13-25: Security update for Adobe Acrobat and Adobe Reader

This update fixes a problem that was introduced in a recent update and effects Javascript security controls. As a result, only version 11.0.4 appears affected, no earlier versions. Only the Windows version of these Adobe tools are affected.

Apple released iTunes 11.1.1 today. The respective security page has not yet been updated, but expect a link to the security content of this update within the next day or so. . This update only affects Windows. Patches for iTunes on OS X are usually released as part of OS X updates.

Did I miss any?




Johannes B. Ullrich, Ph.D.
SANS Technology Institute

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS Cyber Defence Japan August 2022


4511 Posts
ISC Handler
Oct 9th 2013
New flash - version 11.9.900.117 - but for some reason, its not listed on the adobe security advisories site.

19 Posts
It seems to be a bug fix release. No mention of security updates.
Ken S

3 Posts
Also, Adobe Air was updated to v presumably for bug fixes as well – no security bulletins have been released and there is no detailed documentation available at this time, but it is probably a good idea to update Air to the latest version as well.


Security update released for RoboHelp

Security update available for RoboHelp
Release date: October 8, 2013
Vulnerability identifier: APSB13-24
Priority: See table below
CVE number: CVE-2013-5327

Adobe has released a security update for RoboHelp 10 on the Windows operating system. This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of RoboHelp 10 apply the solution using the instructions provided in the "Solution" section below.

Affected software versions
RoboHelp 10 for Windows

Adobe recommends users of RoboHelp 10 apply the fix using the instructions below:
Backup the MDBMS.dll file:
1. Browse to the RoboHTML folder - the default location is %ProgramFiles%\Adobe\RoboHelp 10\RoboHTML\
2. Rename MDBMS.dll to MDBMS.old
Install the update:
1. Download the file
2. Move MDBMS.dll from the extracted location to %ProgramFiles%\Adobe\RoboHelp 10\RoboHTML\

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2013-5327).


iTunes 11.1.1 was actually released by Apple on 10/04/13

13 Posts

Sign Up for Free or Log In to start participating in the conversation!