Adobe AIR < Multiple Vulnerabilities (APSB14-14)

High Nessus Network Monitor Plugin ID 8261


The remote host is running an outdated version of Adobe AIR.


Versions of Adobe AIR earlier than are unpatched for the following vulnerabilities :

- An overflow condition exists that is triggered as user-supplied input is not properly validated when handling display objects. This may allow a context-dependent attacker to cause a heap-based buffer overflow, allowing the execution of arbitrary code. (CVE-2014-0510)
- An unspecified vulnerability exists that could be used to bypass the same origin policy. (CVE-2014-0516)
- Multiple, unspecified security bypass vulnerabilities exist. (CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520)


Upgrade to Adobe AIR or later.

See Also

Plugin Details

Severity: High

ID: 8261

File Name: 8261.prm

Family: Web Clients

Published: 2014/05/21

Modified: 2016/11/23

Dependencies: 4759

Nessus ID: 73993, 73995

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 8.1

Temporal Score: 7.5


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:air

Patch Publication Date: 2014/05/13

Vulnerability Publication Date: 2014/03/13

Reference Information

CVE: CVE-2014-0510, CVE-2014-0516, CVE-2014-0517, CVE-2014-0518, CVE-2014-0519, CVE-2014-0520

BID: 66241, 67373, 67372, 67371, 67364, 67361

OSVDB: 106886, 106887, 106888, 106889, 106890, 104585