Adobe AIR < 19.0.0.190 Multiple Vulnerabilities (APSB15-23)

Versions of Adobe AIR prior to 19.0.0.190 are outdated and thus unpatched for the following vulnerabilities :

• An unspecified stack corruption issue exists that allows a remote attacker to execute arbitrary code. (CVE-2015-5567, CVE-2015-5579)
• A vector length corruption issue exists that allows a remote attacker to have an unspecified impact. (CVE-2015-5568)
• A use-after-free error exists in an unspecified component due to improperly sanitized user-supplied input. A remote attacker can exploit this, via a specially crafted file, to dereference already freed memory and execute arbitrary code. (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682)
• An unspecified flaw exists due to a failure to reject content from vulnerable JSONP callback APIs. A remote attacker can exploit this to have an unspecified impact. (CVE-2015-5571)
• An unspecified flaw exists that allows a remote attacker to bypass security restrictions and gain access to sensitive information. (CVE-2015-5572)
• An unspecified type confusion flaw exists that allows a remote attacker to execute arbitrary code. (CVE-2015-5573)
• A flaw exists in an unspecified component due to improper validation of user-supplied input when handling a specially crafted file. A remote attacker can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, CVE-2015-6677)
• A memory leak issue exists that allows a remote attacker to have an unspecified impact. (CVE-2015-5576)
• A stack buffer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-5587)
• An unspecified overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-6676, CVE-2015-6678)
• An unspecified flaw exists that allows a remote attacker to bypass same-origin policy restrictions and gain access to sensitive information. (CVE-2015-6679)