Summary
This host is installed with Adobe Air and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service (memory corruption) via unspecified vectors.
Impact Level: System/Application
Solution
Update to Adobe Air version 3.3.0.3610 or later,
For the updates refer, http://get.adobe.com/air
Insight
Multiple errors are caused,
- When parsing ActionScript.
- Within NPSWF32.dll when parsing certain tags.
- In the 'SoundMixer.computeSpectrum()' method, which can be exploited to bypass the same-origin policy.
- In the installer allows planting a binary file.
Affected
Adobe AIR version 3.2.0.2070 and prior on Mac OS X
References
Severity
Classification
-
CVE CVE-2012-2034, CVE-2012-2035, CVE-2012-2036, CVE-2012-2037, CVE-2012-2038, CVE-2012-2039, CVE-2012-2040 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities