Adobe AIR < 1.5 Multiple Vulnerabilities (APSB08-23)

This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a runtime environment that is
affected by multiple issues.

Description :

According to its version number, an instance of Adobe AIR on the
remote Windows host is 1.1 or earlier. Such versions are potentially
affected by several vulnerabilities (APSB08-23 / APSB08-22 /
APSB08-20 / APSB08-18):

- A potential port-scanning issue. (CVE-2007-4324)

- Possible privilege escalation attacks against web
servers hosting Flash content and cross-domain policy
files. (CVE-2007-6243)

- Potential Clipboard attacks. (CVE-2008-3873)

- FileReference upload and download APIs that don't
require user interaction. (CVE-2008-4401)

- A potential cross-site scripting vulnerability.

- A potential issue that could be leveraged to conduct
a DNS rebinding attack. (CVE-2008-4819)

- An information disclosure issue affecting only the
ActiveX control. (CVE-2008-4820)

- An information disclosure issue involving interpretation
of the 'jar:' protocol and affecting only the plugin for
Mozilla browsers. (CVE-2008-4821)

- An issue with policy file interpretation could
potentially lead to bypass of a non-root domain policy.

- A potential HTML injection issue involving an
ActionScript attribute. (CVE-2008-4823)

- Multiple input validation errors could potentially lead
to execution of arbitrary code. (CVE-2008-4824)

- An Adobe AIR application that loads data from an
untrusted source could allow an attacker to execute
untrusted JavaScript with elevated privileges.

See also :

Solution :

Upgrade to Adobe AIR version 1.5 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now