Adobe AIR APSB08-23 / APSB08-22 / APSB08-20 / APSB08-18 Multiple Vulnerabilities

According to its version number, an instance of Adobe AIR on the remote Windows host is 1.5 or earlier. Such versions are potentially affected by several vulnerabilities :

• A potential port-scanning issue. (CVE-2007-4324)

• Possible privilege escalation attacks against web servers hosting Flash content and cross-domain policy files. (CVE-2007-6243)

• Potential Clipboard attacks. (CVE-2008-3873)

• FileReference upload and download APIs that don’t require user interaction. (CVE-2008-4401)

• A potential cross-site scripting vulnerability. (CVE-2008-4818)

• A potential issue that could be leveraged to conduct a DNS rebinding attack. (CVE-2008-4819)

• An information disclosure issue affecting only the ActiveX control. (CVE-2008-4820)

• An information disclosure issue involving interpretation of the 'jar: ’ protocol and affecting only the plugin for Mozilla browsers. (CVE-2008-4821)

• An issue with policy file interpretation could potentially lead to bypass of a non-root domain policy. (CVE-2008-4822)

• A potential HTML injection issue involving an ActionScript attribute. (CVE-2008-4823)

• Multiple input validation errors could potentially lead to execution of arbitrary code. (CVE-2008-4824)

• An Adobe AIR application that loads data from an untrusted source could allow an attacker to execute untrusted JavaScript with elevated privileges. (CVE-2008-5108)