Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Adobe AIR < Multiple Vulnerabilities (APSB14-17)



The remote host is running an outdated version of Adobe AIR.


Versions of Adobe AIR earlier than are affected by the following vulnerabilities :

- A flaw exists as data from JSONP callback APIs is insufficiently validated. With specially crafted SWF file content passed as a JSONP callback and then reflected by a vulnerable JSONP endpoint on a site, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack, causing the victim to perform various actions supported by the affected site. (CVE-2014-4671, CVE-2014-5333) - Multiple unspecified errors exist that could allow unspecified security bypass attacks. (CVE-2014-0537, CVE-2014-0539)


Upgrade to Adobe AIR or later.