Adobe AIR <= 18.104.22.168 Multiple Vulnerabilities (APSB15-05)
High Nessus Plugin ID 84155
SynopsisThe remote Windows host has a version of Adobe AIR installed that is affected by multiple vulnerabilities.
DescriptionAccording to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 22.214.171.124. It is, therefore, affected by multiple vulnerabilities :
- Multiple memory corruption flaws exist due to improper validation of user-supplied input. An attacker can exploit these flaws to execute arbitrary code.
(CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339)
- Multiple type confusions flaws exist that allow an attacker to execute arbitrary code. (CVE-2015-0334, CVE-2015-0336)
- A unspecified flaw exists that allows an attacker to bypass cross-domain policy. (CVE-2015-0337)
- An integer overflow condition exists due improper validation of user-supplied input. An attacker can exploit to execute arbitrary code. (CVE-2015-0338)
- A unspecified flaw exists that allows an attacker to bypass restrictions and upload arbitrary files.
- Multiple use-after-free errors exist that allow an attacker to deference already freed memory and execute arbitrary code. (CVE-2015-0341, CVE-2015-0342)
SolutionUpgrade to Adobe AIR 126.96.36.199 or later.