Facebook Google Plus Twitter LinkedIn YouTube RSS 功能表 搜尋 Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Adobe AIR < RCE (APSB16-23)



The remote host is running an outdated version of Adobe AIR that is affected by a Remote Code Execution (RCE) attack vector.


Versions of Adobe AIR prior to are affected by a flaw that is triggered when loading certain dynamic-link libraries.The program uses an insecure path to look for specific files or libraries that includes the current working directory, which may not be trusted or under user control.By placing a specially crafted library in the path and tricking a user into opening a file e.g. located on a remote WebDAV share, a context-dependent attacker can inject and execute arbitrary code with the privilege of the user running the program.


Upgrade to Adobe AIR or later.