
Adobe AIR < 14.0.0.178 Multiple Vulnerabilities (APSB14-18)

Critical

Synopsis

The remote host is running an outdated version of Adobe AIR.

Description

Versions of Adobe AIR earlier than 14.0.0.178 are unpatched against vulnerabilities in the flash-plugin's processing of certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that causes flash-plugin to crash or potentially execute arbitrary code when the SWF content is loaded. (CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545)

Additionally, insufficient input sanitization of data from the JSONP callback API could allow a context-dependent attacker to perform a cross-site request forgery (CSRF) attack, essentially forcing the victim to perform various actions supported by the affected website. (CVE-2014-5333, CVE-2015-3096)

Solution

Upgrade to Adobe AIR 14.0.0.178 or later.