Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Adobe AIR < 15.0.0.249 Multiple Vulnerabilities (APSB14-21)

High

Synopsis

The remote host is running an outdated version of Adobe AIR.

Description

Versions of Adobe AIR earlier than 15.0.0.249 are unpatched for the following vulnerabilities :

- Unspecified memory corruption issues exist that allow arbitrary code execution. (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555) - An unspecified error exists that allows cross-origin policy violations. (CVE-2014-0548) - A use-after-free error exists that allows arbitrary code execution. (CVE-2014-0553) - An unspecified error exists that allows an unspecified security bypass. (CVE-2014-0554) - Unspecified errors exist that allow memory leaks leading to easier defeat of memory address randomization. (CVE-2014-0557) - Heap-based buffer overflow errors exist that allow arbitrary code execution. (CVE-2014-0556, CVE-2014-0559)

Solution

Upgrade to Adobe AIR 15.0.0.249 or later.