Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Adobe AIR < 1.5.3 Multiple Vulnerabilities (APSB09-19)

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote Windows host contains a version of Adobe AIR player that is earlier than 1.5.3. Such versions are reportedly affected by multiple vulnerabilities :

- A vulnerability in the parsing of JPEG data that could potentially lead to code execution. (CVE-2009-3794)

- A data injection vulnerability that could potentially lead to code execution. (CVE-2009-3796)

- A memory corruption vulnerability that could potentially lead to code execution. (CVE-2009-3797)

- A memory corruption vulnerability that could potentially lead to code execution. (CVE-2009-3798)

- An integer overflow vulnerability that could potentially lead to code execution. (CVE-2009-3799)

- Multiple crash vulnerabilities that could potentially lead to code execution. (CVE-2009-3800)

- A Windows-only local file name access vulnerability in the Flash Player ActiveX control that could potentially lead to information disclosure. (CVE-2009-3951)

Solution

Upgrade to Adobe AIR 1.5.3 or later.