Adobe AIR < 18.104.22.168 RCE (APSB16-23)
High Nessus Network Monitor Plugin ID 9974
Synopsis: The remote host is running an outdated version of Adobe AIR that is affected by a remote code execution (RCE) vulnerability.
Description: Versions of Adobe AIR prior to 22.214.171.124 are affected by a flaw that is triggered when loading certain dynamic-link libraries. The program uses an insecure search path to look for specific files or libraries; that path includes the current working directory, which may not be trusted or under user control. By placing a specially crafted library in the path and tricking a user into opening a file (e.g., one located on a remote WebDAV share), a context-dependent attacker can inject and execute arbitrary code with the privileges of the user running the program.
Solution: Upgrade to Adobe AIR 126.96.36.199 or later.