HomePentest-Tools.com Logo

Adobe Air Multiple Vulnerabilities - 01 May15 (Windows) CVE-2015-3077CVE-2015-3078CVE-2015-3079CVE-2015-3080CVE-2015-3081CVE-2015-3082CVE-2015-3083CVE-2015-3084CVE-2015-3085CVE-2015-3086CVE-2015-3087CVE-2015-3088CVE-2015-3089CVE-2015-3090CVE-2015-3091CVE-2015-3092CVE-2015-3093

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Adobe Air is prone to multiple vulnerabilities.

Risk description

Multiple flaws exist due to: - Improper validation of user supplied input. - A flaw in the Broker that is due to the BrokerCreateFile method not properly sanitizing user input. - An integer overflow condition that is triggered as user-supplied input is not properly validated. - An overflow condition that is triggered as user-supplied input is not properly validated. - Multiple unspecified memory disclosure flaws in Adobe Flash Player. - Multiple unspecified type confusion flaws in Adobe Flash Player. - Multiple unspecified flaws in Adobe Flash Player. - A use-after-free error Adobe Flash Player. - An unspecified TOCTOU flaw in Adobe Flash Player. Successful exploitation will allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code, bypass security restrictions and gain access to sensitive information, bypass protected mode, bypass validation mechanisms and write arbitrary data, bypass the sandbox when chained with another vulnerability, bypass ASLR protection mechanisms.

Recommendation

Upgrade to Adobe Air version 17.0.0.172 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
May 13, 2015
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available