
Adobe AIR < 1.5.2 Multiple Vulnerabilities (APSB09-10)

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote Windows host contains a version of Adobe AIR Player that is earlier than 1.5.2. Such versions are reportedly affected by multiple vulnerabilities:

- A memory corruption vulnerability that could potentially lead to code execution. (CVE-2009-1862)

- A privilege escalation vulnerability that could potentially lead to code execution. (CVE-2009-1863)

- A heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1864)

- A null pointer vulnerability that could potentially lead to code execution. (CVE-2009-1865)

- A stack overflow vulnerability that could potentially lead to code execution. (CVE-2009-1866)

- A clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog. (CVE-2009-1867)

- A URL parsing heap overflow vulnerability that could potentially lead to code execution. (CVE-2009-1868)

- An integer overflow vulnerability that could potentially lead to code execution. (CVE-2009-1869)

- A local sandbox vulnerability that could potentially lead to information disclosure when SWFs are saved to the hard drive. (CVE-2009-1870)

Solution

Upgrade to Adobe AIR version 1.5.2 or later.