Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Adobe AIR < 20.0.0.233 Multiple Vulnerabilities (APSB16-01)

Critical

Synopsis

The remote host is running an outdated version of Adobe AIR.

Description

Versions of Adobe AIR prior to 20.0.0.233 are outdated and thus unpatched for the following vulnerabilities :

- A type confusion error exists that a remote attacker can exploit to execute arbitrary code. (CVE-2015-8644) - An integer overflow condition exists that a remote attacker can exploit to execute arbitrary code. (CVE-2015-8651) - Multiple use-after-free errors exist that a remote attacker can exploit to execute arbitrary code. (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650) - Multiple memory corruption issues exist that allow a remote attacker to execute arbitrary code. (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645)

Solution

Upgrade to Adobe AIR 20.0.0.233 or later.