
Adobe AIR < 14.0.0.137 Multiple Vulnerabilities (APSB14-17)

High

Synopsis

The remote host is running an outdated version of Adobe AIR.

Description

Versions of Adobe AIR earlier than 14.0.0.137 are affected by the following vulnerabilities:

- A flaw exists as data from JSONP callback APIs is insufficiently validated. With specially crafted SWF file content passed as a JSONP callback and then reflected by a vulnerable JSONP endpoint on a site, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack, causing the victim to perform various actions supported by the affected site. (CVE-2014-4671, CVE-2014-5333)
- Multiple unspecified errors exist that could allow unspecified security bypass attacks. (CVE-2014-0537, CVE-2014-0539)

Solution

Upgrade to Adobe AIR 14.0.0.137 or later.