Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Adobe AIR < Multiple Vulnerabilities (APSB14-18)



The remote host is running an outdated version of Adobe AIR.


Versions of Adobe AIR earlier than are unpatched for vulnerabilities related to the flash-plugin's processing of certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or potentially execute arbitrary code when the SWF content is loaded. (CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545)

Additionally, insufficient input sanitation of data from the JSONP callback API could allow a context-dependent attacker to perform a cross-site request forgery (CSRF) attack, essentially forcing the victim to perform various actions supported by the affected website. (CVE-2014-5333, CVE-2015-3096)


Upgrade to Adobe AIR or later.