Adobe AIR < 22.0.0.153 RCE (APSB16-23)

high Nessus Network Monitor Plugin ID 9974

Synopsis

The remote host is running an outdated version of Adobe AIR that is affected by a Remote Code Execution (RCE) attack vector.

Description

Versions of Adobe AIR prior to 22.0.0.153 are affected by a flaw that is triggered when loading certain dynamic-link libraries. The program uses an insecure path to look for specific files or libraries that includes the current working directory, which may not be trusted or under user control. By placing a specially crafted library in the path and tricking a user into opening a file e.g. located on a remote WebDAV share, a context-dependent attacker can inject and execute arbitrary code with the privilege of the user running the program.

Solution

Upgrade to Adobe AIR 22.0.0.153 or later.

See Also

https://helpx.adobe.com/security/products/air/apsb16-23.html

Plugin Details

Severity: High

ID: 9974

Family: Web Clients

Published: 3/1/2017

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:adobe:adobe_air

Patch Publication Date: 6/16/2016

Vulnerability Publication Date: 6/16/2016

Reference Information

CVE: CVE-2016-4126

BID: 91252