Adobe AIR <= 3.9.0.1380 Multiple Vulnerabilities (APSB14-02)

High

Synopsis

The remote host contains a browser plug-in that is affected by multiple vulnerabilities.

Description

Versions of Adobe AIR equal to or earlier than 3.9.0.1380 are potentially affected by the following vulnerabilities:

- An unspecified vulnerability exists that can be used to bypass Flash Player security protections. (CVE-2014-0491)

- An unspecified vulnerability exists that can be used to bypass memory address layout randomization. (CVE-2014-0492)

Solution

Upgrade to Adobe AIR 4.0.0.1390 or later.