Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Adobe AIR < 19.0.0.190 Multiple Vulnerabilities (APSB15-23)

High

Synopsis

The remote host is running an outdated version of Adobe AIR.

Description

Versions of Adobe AIR prior to 19.0.0.190 are outdated and thus unpatched for the following vulnerabilities :

- An unspecified stack corruption issue exists that allows a remote attacker to execute arbitrary code. (CVE-2015-5567, CVE-2015-5579) - A vector length corruption issue exists that allows a remote attacker to have an unspecified impact. (CVE-2015-5568) - A use-after-free error exists in an unspecified component due to improperly sanitized user-supplied input. A remote attacker can exploit this, via a specially crafted file, to dereference already freed memory and execute arbitrary code. (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682) - An unspecified flaw exists due to a failure to reject content from vulnerable JSONP callback APIs. A remote attacker can exploit this to have an unspecified impact. (CVE-2015-5571) - An unspecified flaw exists that allows a remote attacker to bypass security restrictions and gain access to sensitive information. (CVE-2015-5572) - An unspecified type confusion flaw exists that allows a remote attacker to execute arbitrary code. (CVE-2015-5573) - A flaw exists in an unspecified component due to improper validation of user-supplied input when handling a specially crafted file. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, CVE-2015-6677) - A memory leak issue exists that allows a remote attacker to have an unspecified impact. (CVE-2015-5576) - A stack buffer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-5587) - An unspecified overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-6676, CVE-2015-6678) - An unspecified flaw exists that allows a remote attacker to bypass same-origin policy restrictions and gain access to sensitive information. (CVE-2015-6679)

Solution

Upgrade to Adobe AIR 19.0.0.190 or later.