Tuesday, November 18, 2008 8:34 AM cmosby

Adobe AIR Multiple Vulnerabilities -

Adobe AIR Multiple Vulnerabilities

Secunia Advisory: SA32772

Release Date: 2008-11-18

Popularity: 186 views
Critical:
Highly critical

Impact: System access
Where: From remote Solution Status: Vendor Patch
Software:Adobe AIR 1.x

Subscribe: Instant alerts on relevant vulnerabilities
CVE reference:CVE-2008-4824
CVE-2008-5108


Description:
Some vulnerabilities have been reported in Adobe AIR, which can be exploited by malicious people to compromise a user's system.

1) Multiple unspecified input validation errors in the parsing of SWF files can be exploited to potentially execute arbitrary code.

2) An unspecified error may allow execution of untrusted JavaScript with escalated privileges if data is loaded from a malicious source.

The vulnerabilities are reported in version 1.1 and prior.

Solution:
Update to version 1.5.
http://get.adobe.com/air

Provided and/or discovered by:
The vendor credits:
1) Riley Hassell and Josh Zelonis, iSEC Partners.
2) Chris Weber, Casaba Security.

Original Advisory:
http://www.adobe.com/support/security/bulletins/apsb08-22.html
http://www.adobe.com/support/security/bulletins/apsb08-23.html

Filed under: , , ,

Comments

No Comments