This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.
The remote Windows host contains a runtime environment that is
affected by multiple issues.
According to its version number, an instance of Adobe AIR on the
remote Windows host is 1.1 or earlier. Such versions are potentially
affected by several vulnerabilities (APSB08-23 / APSB08-22 /
APSB08-20 / APSB08-18):
- A potential port-scanning issue. (CVE-2007-4324)
- Possible privilege escalation attacks against web
servers hosting Flash content and cross-domain policy
- Potential Clipboard attacks. (CVE-2008-3873)
- FileReference upload and download APIs that don't
require user interaction. (CVE-2008-4401)
- A potential cross-site scripting vulnerability.
- A potential issue that could be leveraged to conduct
a DNS rebinding attack. (CVE-2008-4819)
- An information disclosure issue affecting only the
ActiveX control. (CVE-2008-4820)
- An information disclosure issue involving interpretation
of the 'jar:' protocol and affecting only the plugin for
Mozilla browsers. (CVE-2008-4821)
- An issue with policy file interpretation could
potentially lead to bypass of a non-root domain policy.
- A potential HTML injection issue involving an
ActionScript attribute. (CVE-2008-4823)
- Multiple input validation errors could potentially lead
to execution of arbitrary code. (CVE-2008-4824)
- An Adobe AIR application that loads data from an
untrusted source could allow an attacker to execute
See also :
Upgrade to Adobe AIR version 1.5 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false
Nessus Plugin ID: 34815 (adobe_air_apsb08-23.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now