Adobe AIR < 14.0.0.178 Multiple Vulnerabilities (APSB14-18)

critical Nessus Network Monitor Plugin ID 8358

Synopsis

The remote host is running an outdated version of Adobe AIR.

Description

Versions of Adobe AIR earlier than 14.0.0.178 are unpatched for vulnerabilities in how the flash-plugin processes certain SWF content. An attacker could use these flaws to craft a SWF file that causes flash-plugin to crash or potentially execute arbitrary code when the SWF content is loaded. (CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545)

Additionally, insufficient sanitization of input from the JSONP callback API could allow a context-dependent attacker to perform a cross-site request forgery (CSRF) attack, essentially forcing the victim to perform various actions supported by the affected website. (CVE-2014-5333, CVE-2015-3096)

Solution

Upgrade to Adobe AIR 14.0.0.178 or later.

See Also

http://helpx.adobe.com/security/products/flash-player/apsb14-18.html

http://www.scmagazine.com/adobe-addresses-three-vulnerabilities-flash-player-deemed-critical/article/359931

http://miki.it/blog/2014/8/15/adobe-really-fixed-rosetta-flash-today

Plugin Details

Severity: Critical

ID: 8358

Family: Web Clients

Published: 8/20/2014

Updated: 3/6/2019

Nessus ID: 77193

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:air

Patch Publication Date: 8/12/2014

Vulnerability Publication Date: 8/12/2014

Reference Information

CVE: CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545, CVE-2014-5333, CVE-2015-3096

BID: 69320, 75088, 68457, 69190, 69191, 69192, 69194, 69195, 69196, 69197