Adobe AIR < 2.5.1 Multiple Vulnerabilities (APSB10-26)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a version of Adobe AIR that is
affected by multiple vulnerabilities.

Description :

The remote Windows host contains a version of Adobe AIR that is
earlier than 2.5.1. Such versions are affected by multiple
vulnerabilities:

- An error exists in the validation of input and, with
certain server encodings, lead to a violation of cross-
domain policy file restrictions. (CVE-2010-3636)

- An unspecified error exists which can lead to a denial
of service. (CVE-2010-3639)

- An error exists in the library loading logic and can
lead to arbitrary code execution. (CVE-2010-3976)

- There exist multiple memory corruption vulnerabilities
which can lead to arbitrary code execution.
(CVE-2010-3637, CVE-2010-3640, CVE-2010-3641,
CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,
CVE-2010-3645, CVE-2010-3646, CVE-2010-3647,
CVE-2010-3648, CVE-2010-3649, CVE-2010-3650,
CVE-2010-3652, CVE-2010-3654)

See also :

http://www.adobe.com/support/security/bulletins/apsb10-26.html

Solution :

Upgrade to Adobe AIR 2.5.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true