Detections
Analytics
Adobe AIR 3.x <= 3.1.0.4880 Multiple Memory Corruption Vulnerabilities (APSB12-07)
high Nessus Plugin ID 58537
Language:
Synopsis
The remote Windows host contains a version of Adobe AIR that is affected by multiple memory corruption vulnerabilities.Description
According to its version, the instance of Adobe AIR 3.x on the remote Windows host is 3.1.0.4880 or earlier and is reportedly affected by several critical memory corruption vulnerabilities :- Memory corruption vulnerabilities related to URL security domain checking. (CVE-2012-0772)
- A flaw in the NetStream Class that could lead to remote code execution. (CVE-2012-0773)
By tricking a victim into visiting a specially crafted page, an attacker may be able to utilize these vulnerabilities to execute arbitrary code subject to the users' privileges.
Solution
Upgrade to Adobe AIR 3.2 (3.2.0.2070) or later.See Also
http://www.zerodayinitiative.com/advisories/ZDI-12-057/
http://www.securityfocus.com/archive/1/522413/30/0/threaded
http://www.adobe.com/support/security/bulletins/apsb12-07.html
Plugin Details
Severity: High
ID: 58537
File Name: adobe_air_apsb12-07.nasl
Version: 1.15
Type: local
Agent: windows
Family: Windows
Published: 3/30/2012
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:adobe:air
Required KB Items: SMB/Adobe_AIR/Version, SMB/Adobe_AIR/Path
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/28/2012
Vulnerability Publication Date: 3/28/2012
Reference Information
CVE: CVE-2012-0772, CVE-2012-0773
BID: 52748