Adobe AIR < Multiple Vulnerabilities (APSB14-18)

Critical Nessus Network Monitor Plugin ID 8358


The remote host is running an outdated version of Adobe AIR.


Versions of Adobe AIR earlier than are unpatched for vulnerabilities related to the flash-plugin's processing of certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or potentially execute arbitrary code when the SWF content is loaded. (CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545)

Additionally, insufficient input sanitation of data from the JSONP callback API could allow a context-dependent attacker to perform a cross-site request forgery (CSRF) attack, essentially forcing the victim to perform various actions supported by the affected website. (CVE-2014-5333, CVE-2015-3096)


Upgrade to Adobe AIR or later.

See Also

Plugin Details

Severity: Critical

ID: 8358

Family: Web Clients

Published: 2014/08/20

Updated: 2019/03/06

Dependencies: 4759

Nessus ID: 77193

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:air

Patch Publication Date: 2014/08/12

Vulnerability Publication Date: 2014/08/12

Reference Information

CVE: CVE-2014-5333, CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545, CVE-2015-3096

BID: 69320, 69197, 69196, 69195, 69194, 69192, 69191, 69190, 68457, 75088