Adobe AIR < 2.7.1 Multiple Vulnerabilities (APSB11-21)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a version of Adobe AIR that is
affected by multiple vulnerabilities.

Description :

According to its version, the instance of Adobe AIR installed on the
remote Windows host is equal or prior to 2.7.1. It is, therefore,
affected by several critical vulnerabilities :

- Multiple buffer overflow conditions exist that allow a
remote attacker to execute arbitrary code.
(CVE-2011-2130, CVE-2011-2134, CVE-2011-2137,
CVE-2011-2414, CVE-2011-2415)

- Multiple memory corruption issues exist that allow a
remote attacker to execute arbitrary code.
(CVE-2011-2135, CVE-2011-2140, CVE-2011-2417,
CVE-2011-2425)

- Multiple integer overflow conditions exist that allow a
remote attacker to execute arbitrary code.
(CVE-2011-2136, CVE-2011-2138, CVE-2011-2416)

- A same-origin bypass vulnerability exists that allows a
remote attacker to obtain sensitive information.
(CVE-2011-2139)

See also :

http://www.nessus.org/u?46d1fce8
http://www.adobe.com/support/security/bulletins/apsb11-21.html

Solution :

Upgrade to Adobe AIR 2.7.1 (2.7.1.19610) or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now