Adobe AIR < 220.127.116.11 Multiple Vulnerabilities (APSB14-18)
Critical Nessus Network Monitor Plugin ID 8358
The remote host is running an outdated version of Adobe AIR.
Versions of Adobe AIR earlier than 18.104.22.168 are unpatched for vulnerabilities related to the flash-plugin's processing of certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or potentially execute arbitrary code when the SWF content is loaded. (CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545) Additionally, insufficient input sanitation of data from the JSONP callback API could allow a context-dependent attacker to perform a cross-site request forgery (CSRF) attack, essentially forcing the victim to perform various actions supported by the affected website. (CVE-2014-5333, CVE-2015-3096)