This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
The remote Windows host contains a version of Adobe AIR that is
affected by multiple vulnerabilities.
According to its version, the instance of Adobe AIR installed on the
remote Windows host is 3.0 or earlier and is reportedly affected by
several critical vulnerabilities :
- Several unspecified memory corruption errors
exist that could lead to code execution.
(CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,
CVE-2011-2453, CVE-2011-2454, CVE-2011-2455,
- An unspecified heap corruption error exists that could
lead to code execution. (CVE-2011-2450)
- An unspecified buffer overflow error exists that could
lead to code execution. (CVE-2011-2456)
- An unspecified stack overflow error exists that could
lead to code execution. (CVE-2011-2457)
- An unspecified error related to Internet Explorer can
allow cross-domain policy violations. (CVE-2011-2458)
By tricking a user on the affected system into opening a specially
crafted document with Flash content, an attacker could leverage these
vulnerabilities to execute arbitrary code remotely on the system
subject to the user's privileges.
See also :
Upgrade to Adobe AIR 3.1 (220.127.116.1180) or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true
Nessus Plugin ID: 56959 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now