Adobe AIR < 2.6.0.19140 ActionScript Predefined Class Prototype Addition Remote Code Execution (APSB11-07)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a version of Adobe AIR that allows
arbitrary code execution.

Description :

The remote Windows host contains a version of Adobe AIR earlier than
2.6.0.19140. Such versions are reportedly affected by a memory
corruption vulnerability.

By tricking a user on the affected system into opening a specially
crafted document with Flash content, such as a SWF file embedded in a
Microsoft Word document, an attacker can potentially leverage this
issue to execute arbitrary code remotely on the system subject to the
user's privileges.

Note that there are reports that this issue is being exploited in the
wild as of April 2011.

See also :

http://www.nessus.org/u?9ee82b34
http://www.adobe.com/support/security/bulletins/apsb11-07.html

Solution :

Upgrade to Adobe AIR 2.6.0.19140 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 53474

Bugtraq ID: 47314

CVE ID: CVE-2011-0611
