10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.5 Medium
AI Score
Confidence
Low
0.974 High
EPSS
Percentile
99.9%
Adobe Air is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:adobe:adobe_air";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.805621");
script_version("2024-02-09T05:06:25+0000");
script_cve_id("CVE-2015-3077", "CVE-2015-3078", "CVE-2015-3079", "CVE-2015-3080",
"CVE-2015-3081", "CVE-2015-3082", "CVE-2015-3083", "CVE-2015-3084",
"CVE-2015-3085", "CVE-2015-3086", "CVE-2015-3087", "CVE-2015-3088",
"CVE-2015-3089", "CVE-2015-3090", "CVE-2015-3091", "CVE-2015-3092",
"CVE-2015-3093");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2024-02-09 05:06:25 +0000 (Fri, 09 Feb 2024)");
script_tag(name:"creation_date", value:"2015-05-15 14:07:44 +0530 (Fri, 15 May 2015)");
script_tag(name:"qod_type", value:"registry");
script_name("Adobe Air Multiple Vulnerabilities - 01 (May 2015) - Mac OS X");
script_tag(name:"summary", value:"Adobe Air is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws exist due to:
- Improper validation of user supplied input.
- A flaw in the Broker that is due to the BrokerCreateFile method not properly
sanitizing user input.
- An integer overflow condition that is triggered as user-supplied input is
not properly validated.
- An overflow condition that is triggered as user-supplied input is not
properly validated.
- Multiple unspecified memory disclosure flaws in Adobe Flash Player.
- Multiple unspecified type confusion flaws in Adobe Flash Player.
- Multiple unspecified flaws in Adobe Flash Player.
- A use-after-free error Adobe Flash Player.
- An unspecified TOCTOU flaw in Adobe Flash Player.");
script_tag(name:"impact", value:"Successful exploitation will allow a
context-dependent attacker to corrupt memory and potentially execute arbitrary
code, bypass security restrictions and gain access to sensitive information,
bypass protected mode, bypass validation mechanisms and write arbitrary data,
bypass the sandbox when chained with another vulnerability, bypass ASLR
protection mechanisms.");
script_tag(name:"affected", value:"Adobe Air versions before 17.0.0.172 on
Mac OS X.");
script_tag(name:"solution", value:"Upgrade to Adobe Air version 17.0.0.172
or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74614");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74605");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74612");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74608");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74613");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74610");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74616");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74609");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74617");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone AG");
script_family("General");
script_dependencies("secpod_adobe_prdts_detect_macosx.nasl");
script_mandatory_keys("Adobe/Air/MacOSX/Version");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!vers = get_app_version(cpe:CPE))
exit(0);
if(version_is_less(version:vers, test_version:"17.0.0.172"))
{
report = 'Installed version: ' + vers + '\n' +
'Fixed version: ' + "17.0.0.172" + '\n';
security_message(data:report);
exit(0);
}
www.securityfocus.com/bid/74605
www.securityfocus.com/bid/74608
www.securityfocus.com/bid/74609
www.securityfocus.com/bid/74610
www.securityfocus.com/bid/74612
www.securityfocus.com/bid/74613
www.securityfocus.com/bid/74614
www.securityfocus.com/bid/74616
www.securityfocus.com/bid/74617
helpx.adobe.com/security/products/flash-player/apsb15-09.html