Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Adobe AIR < 19.0.0.213 Multiple Vulnerabilities (APSB15-25)

Critical

Synopsis

The remote host is running an outdated version of Adobe AIR.

Description

Versions of Adobe AIR prior to 19.0.0.213 are outdated and thus unpatched for the following vulnerabilities :

- An unspecified vulnerability exists related to the defense-in-depth feature in the Flash Broker API. No other details are available. (CVE-2015-5569) - Multiple unspecified memory corruption issues exist due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634) - A unspecified vulnerability exists that can be exploited by a remote attacker to bypass the same-origin policy, allowing the disclosure of sensitive information. (CVE-2015-7628) - Multiple unspecified use-after-free errors exist that can be exploited by a remote attacker to dereference already freed memory, potentially allowing the execution of arbitrary code. (CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, CVE-2015-7644) - An unspecified buffer overflow condition exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-7632)

Solution

Upgrade to Adobe AIR 19.0.0.213 or later.