Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Adobe AIR < RCE (APSB16-23)



The remote host is running an outdated version of Adobe AIR that is affected by a Remote Code Execution (RCE) attack vector.


Versions of Adobe AIR prior to are affected by a flaw that is triggered when loading certain dynamic-link libraries. The program uses an insecure path to look for specific files or libraries that includes the current working directory, which may not be trusted or under user control. By placing a specially crafted library in the path and tricking a user into opening a file e.g. located on a remote WebDAV share, a context-dependent attacker can inject and execute arbitrary code with the privilege of the user running the program.


Upgrade to Adobe AIR or later.