Adobe AIR < 220.127.116.110 Multiple Vulnerabilities (APSB14-02)
High Nessus Network Monitor Plugin ID 8106
Synopsis
The remote host is running an outdated version of Adobe AIR.
Description
Versions of Adobe AIR earlier than 18.104.22.1680 are unpatched for the following vulnerabilities:
- A flaw exists when requesting sites using 'jar:' URIs that enables a context-dependent attacker to bypass 'AllowScriptAccess=never' security protection mechanisms. No further details have been provided by the vendor. (CVE-2014-0491)
- A flaw exists in the ActionScript Virtual Machine. The issue is due to the AVM not properly sanitizing values before jumping to them. An attacker can use this issue to leak addresses from 'Flash.ocx' within the current process, making exploitation of issues considerably easier. (CVE-2014-0492)
Solution
Upgrade to Adobe AIR 22.214.171.1240 or later.