Summary
This host is installed with Air and is prone to code execution and denial of service vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors.
Solution
Update to Adobe Air version 3.2.0.2070 or later,
For updates refer to http://get.adobe.com/air
Insight
The flaws are due to
- An error within an ActiveX Control when checking the URL security domain.
- An unspecified error within the NetStream class.
Affected
Adobe AIR version prior to 3.2.0.2070 on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2012-0724, CVE-2012-0725, CVE-2012-0772, CVE-2012-0773 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
- Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
- Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Windows)