Adobe AIR < 22.0.0.153 RCE (APSB16-23)

High Nessus Network Monitor Plugin ID 9974

Synopsis

The remote host is running an outdated version of Adobe AIR that is affected by a Remote Code Execution (RCE) attack vector.

Description

Versions of Adobe AIR prior to 22.0.0.153 are affected by a flaw that is triggered when loading certain dynamic-link libraries. The program uses an insecure path to look for specific files or libraries that includes the current working directory, which may not be trusted or under user control. By placing a specially crafted library in the path and tricking a user into opening a file e.g. located on a remote WebDAV share, a context-dependent attacker can inject and execute arbitrary code with the privilege of the user running the program.

Solution

Upgrade to Adobe AIR 22.0.0.153 or later.

See Also

https://helpx.adobe.com/security/products/air/apsb16-23.html

Plugin Details

Severity: High

ID: 9974

File Name: 9974.prm

Family: Web Clients

Published: 2017/03/01

Modified: 2017/03/01

Dependencies: 4759

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:adobe_air

Patch Publication Date: 2016/06/16

Vulnerability Publication Date: 2016/06/16

Reference Information

CVE: CVE-2016-4126

BID: 91252

OSVDB: 140111