Adobe AIR < 220.127.116.11 Multiple Vulnerabilities (APSB14-17)
High Nessus Network Monitor Plugin ID 8327
Synopsis: The remote host is running an outdated version of Adobe AIR.
Description: Versions of Adobe AIR earlier than 18.104.22.168 are affected by the following vulnerabilities:
- A flaw exists because data from JSONP callback APIs is insufficiently validated. With specially crafted SWF file content passed as a JSONP callback and then reflected by a vulnerable JSONP endpoint on a site, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack, causing the victim to perform various actions supported by the affected site. (CVE-2014-4671, CVE-2014-5333)
- Multiple unspecified errors exist that could allow unspecified security bypass attacks. (CVE-2014-0537, CVE-2014-0539)
Solution: Upgrade to Adobe AIR 22.214.171.124 or later.