Adobe AIR < 18.104.22.1686 Multiple Vulnerabilities (APSB14-24)
High Nessus Network Monitor Plugin ID 8567
SynopsisThe remote host is running an outdated version of Adobe AIR.
DescriptionVersions of Adobe AIR earlier than 22.214.171.1246 are unpatched for the following vulnerabilities :
- Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)
- Multiple use-after-free vulnerabilities could result in arbitrary code execution. (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438, CVE-2014-0574)
- Multiple type confusion vulnerabilities could result in arbitrary code execution. (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)
- Multiple heap-based buffer overflow vulnerabilities can be exploited to execute arbitrary code or elevate privileges. (CVE-2014-0583, CVE-2014-0582, CVE-2014-0589)
- A permission issue that allows a remote attacker to gain elevated privileges. (CVE-2014-8442)
- An information disclosure vulnerability can be exploited to disclose secret session tokens. (CVE-2014-8437)
SolutionUpgrade to Adobe AIR 126.96.36.1996 or later.