Summary
This host is installed with Adobe Air
and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow
remote attackers to disclose potentially sensitive information and compromise a user's system.
Impact Level: System/Application.
Solution
Upgrade to Adobe AIR version 16.0.0.245
or later. For updates refer to http://get.adobe.com/air
Insight
Multiple flaws exists due to,
- An unspecified error related to improper file validation.
- Another unspecified error which can be exploited to capture keystrokes.
- Two unspecified errors which can be exploited to corrupt memory.
- Two unspecified errors which can be exploited to cause a heap-based buffer overflow.
- A type confusion error which can be exploited to corrupt memory.
- An out-of-bounds read error.
- An unspecified use-after-free error.
Affected
Adobe AIR before version 16.0.0.245
on Windows
Detection
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Windows)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
- Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)